create config for sm-api

1. create smapi service endpoint, credential
2. create sm-api.conf for sm-api configuration
3. configure haproxy, so sm-api binds to mgmt fixed ip, with haproxy:
    mgmt fixed ip -> mgmt floating ip -> oam floating ip

Story: 2002827
Task: 22744

Change-Id: I743f6b0f09c06325d3c9dc6e11902420882e7931
Signed-off-by: Bin Qian <bin.qian@windriver.com>

centos_pkg_dirs

@@ -16,3 +16,4 @@ puppet-modules-wrs/puppet-patching
 puppet-modules-wrs/puppet-sysinv
 puppet-modules-wrs/puppet-dcorch
 puppet-modules-wrs/puppet-dcmanager
+puppet-modules-wrs/puppet-smapi

puppet-manifests/centos/puppet-manifests.spec

@@ -20,6 +20,7 @@ Requires: puppet-nova_api_proxy
 Requires: puppet-patching
 Requires: puppet-sysinv
 Requires: puppet-sshd
+Requires: puppet-smapi
 
 # Openstack puppet modules
 Requires: puppet-aodh

puppet-manifests/src/manifests/controller.pp

@@ -120,6 +120,7 @@ include ::platform::dcmanager::api
 
 include ::platform::dcorch::snmp
 
+include ::platform::smapi
 include ::platform::sm
 
 class { '::platform::config::controller::post':

puppet-manifests/src/modules/openstack/manifests/keystone.pp

@@ -386,6 +386,9 @@ class openstack::keystone::endpoint::runtime {
       include ::dcorch::keystone::auth
       include ::dcmanager::keystone::auth
     }
+
+    include ::smapi::keystone::auth
+
   }
 }
 

puppet-manifests/src/modules/platform/manifests/smapi.pp

@@ -0,0 +1,60 @@
+class platform::smapi::params (
+   $auth_username = undef,
+   $keystone_auth_url = undef,
+   $keystone_username = undef,
+   $keystone_password = undef,
+   $public_url = undef,
+   $admin_url = undef,
+   $bind_ip = undef,
+   $port = undef,
+   $region = undef,
+) {}
+
+class platform::smap::firewall
+  inherits ::platform::smapi::params {
+
+  platform::firewall::rule { 'sm-api':
+    service_name => 'sm-api',
+    ports        => $port,
+  }
+}
+
+class platform::smapi::haproxy
+  inherits ::platform::smapi::params {
+
+  include ::platform::params
+  include ::platform::haproxy::params
+
+  platform::haproxy::proxy { 'sm-api-internal':
+    server_name  => 's-smapi-internal',
+    public_ip_address => $::platform::haproxy::params::private_ip_address,
+    public_port  => $port,
+    private_ip_address => $bind_ip,
+    private_port => $port,
+  }
+  platform::haproxy::proxy { 'sm-api-public':
+    server_name  => 's-smapi-public',
+    public_port  => $port,
+    private_port => $port,
+  }
+}
+
+class platform::smapi
+  inherits ::platform::smapi::params {
+  if ($::platform::params::init_keystone) {
+      include ::smapi::keystone::auth
+  }
+
+  include ::platform::params
+  include ::platform::smap::firewall
+  include ::platform::smapi::haproxy
+  $bind_host_name = $::platform::params::hostname
+  file { "/etc/sm-api/sm-api.conf":
+    ensure => 'present',
+    content => template('platform/sm-api.conf.erb'),
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0400',
+  }
+}
+

puppet-manifests/src/modules/platform/templates/sm-api.conf.erb

@@ -0,0 +1,21 @@
+#
+# Config file for sm-api.
+#
+[DEFAULT]
+sm_api_port=<%= @port %>
+sm_api_bind_ip=<%= @bind_host_name %>
+api_public_url=<%= @public_url %>
+api_admin_url=<%= @admin_url %>
+
+[keystone_authtoken]
+auth_type=password
+auth_url=<%= @keystone_auth_url %>
+auth_uri=<%= @keystone_auth_url %>
+username=<%= @keystone_username %>
+password=<%= @keystone_password %>
+project_domain_name=Default
+project_name=services
+user_domain_name=Default
+user_name=<%= @keystone_username %>
+region_name=<%= @region %>
+

puppet-modules-wrs/puppet-smapi/PKG_INFO

@@ -0,0 +1,2 @@
+Name: puppet-smapi
+Version: 1.0.0

puppet-modules-wrs/puppet-smapi/centos/build_srpm.data

@@ -0,0 +1,2 @@
+SRC_DIR="src"
+TIS_PATCH_VER=1

puppet-modules-wrs/puppet-smapi/centos/puppet-smapi.spec

@@ -0,0 +1,32 @@
+%global module_dir  smapi
+
+Name:           puppet-%{module_dir}
+Version:        1.0.0
+Release:        %{tis_patch_ver}%{?_tis_dist}
+Summary:        Puppet smapi module
+License:        Apache-2.0
+Packager:       Wind River <info@windriver.com>
+
+URL:            unknown
+
+Source0:        %{name}-%{version}.tar.gz
+
+BuildArch:      noarch
+
+BuildRequires: python2-devel
+
+%description
+A puppet module for smapi
+
+%prep
+%autosetup -c %{module_dir}
+
+#
+# The src for this puppet module needs to be staged to puppet/modules
+#
+%install
+install -d -m 0755 %{buildroot}%{_datadir}/puppet/modules/%{module_dir}
+cp -R %{name}-%{version}/%{module_dir} %{buildroot}%{_datadir}/puppet/modules
+
+%files
+%{_datadir}/puppet/modules/%{module_dir}

puppet-modules-wrs/puppet-smapi/src/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

puppet-modules-wrs/puppet-smapi/src/smapi/manifests/keystone/auth.pp

@@ -0,0 +1,48 @@
+#
+# Files in this package are licensed under Apache; see LICENSE file.
+#
+# Copyright (c) 2018 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+
+# == Class: smapi::keystone::auth
+#
+# Configures smapi user, service and endpoint in Keystone.
+#
+
+class smapi::keystone::auth (
+  $configure_endpoint   = true,
+  $configure_user       = true,
+  $configure_user_role  = true,
+  $password             = 'passwd',
+  $auth_name            = 'smapi',
+  $public_url           = 'http://127.0.0.1:7777',
+  $admin_url            = 'http://127.0.0.1:7777',
+  $internal_url         = 'http://127.0.0.1:7777',
+  $tenant               = 'services',
+  $region               = 'RegionOne',
+  $service_description  = 'sm-api service',
+  $service_name         = 'smapi',
+  $service_type         = 'smapi',
+) {
+
+  $real_service_name = pick($service_name, $auth_name)
+
+  keystone::resource::service_identity { $auth_name:
+    configure_endpoint  => $configure_endpoint,
+    configure_user      => $configure_user,
+    configure_user_role => $configure_user_role,
+    password            => $password,
+    auth_name           => $auth_name,
+    public_url          => $public_url,
+    admin_url           => $admin_url,
+    internal_url        => $internal_url,
+    tenant              => $tenant,
+    region              => $region,
+    service_description => $service_description,
+    service_name        => $real_service_name,
+    service_type        => $service_type,
+  }
+}

sysinv/cgts-client/cgts-client/cgtsclient/client.py

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2014 Wind River Systems, Inc.
+# Copyright (c) 2013-2018 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -32,6 +32,14 @@ def _get_ksclient(**kwargs):
                            cacert=kwargs.get('os_cacert'))
 
 
+def _get_sm_endpoint(client, **kwargs):
+    """Get an endpoint for smapi using the provided keystone client."""
+    return client.auth_ref.service_catalog.url_for(
+        service_type=kwargs.get('service_name') or 'smapi',
+        endpoint_type=kwargs.get('endpoint_type') or 'public',
+        region_name=kwargs.get('os_region_name') or 'RegionOne')
+
+
 def _get_endpoint(client, **kwargs):
     """Get an endpoint using the provided keystone client."""
     return client.auth_ref.service_catalog.url_for(
@@ -106,6 +114,7 @@ def get_client(api_version, **kwargs):
                'and token'))
         raise exc.AmbigiousAuthSystem(e)
 
+    smapi_endpoint = _get_sm_endpoint(_ksclient, **ep_kwargs)
     cli_kwargs = {
         'token': token,
         'insecure': kwargs.get('insecure'),
@@ -116,7 +125,7 @@ def get_client(api_version, **kwargs):
         'key_file': kwargs.get('key_file'),
         'auth_ref': auth_ref,
         'auth_url': kwargs.get('os_auth_url'),
-        'smapi_endpoint': 'http:localhost:7777',
+        'smapi_endpoint': smapi_endpoint,
     }
 
     return Client(api_version, endpoint, **cli_kwargs)

sysinv/sysinv/sysinv/sysinv/api/controllers/v1/sm_api.py

@@ -1,12 +1,14 @@
 #
-# Copyright (c) 2016 Wind River Systems, Inc.
+# Copyright (c) 2016-2018 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
 import json
+import pecan
 import socket
+from rest_api import get_token
 from rest_api import rest_api_request
-
+from sysinv.common.constants import REGION_ONE_NAME
 from sysinv.openstack.common import log
 
 LOG = log.getLogger(__name__)
@@ -17,10 +19,15 @@ SM_API_PATH = "http://{host}:{port}".\
     format(host=SM_API_HOST, port=SM_API_PORT)
 
 
+def _get_token():
+    system = pecan.request.dbapi.isystem_get_one()
+    return get_token(system.region_name)
+
 def swact_pre_check(hostname, timeout):
     """
     Sends a Swact Pre-Check command to SM.
     """
+    token = _get_token()
     api_cmd = SM_API_PATH
     api_cmd += "/v1/servicenode/%s" % hostname
 
@@ -35,7 +42,7 @@ def swact_pre_check(hostname, timeout):
     api_cmd_payload['oper'] = "unknown"
     api_cmd_payload['avail'] = ""
 
-    response = rest_api_request(None, "PATCH", api_cmd, api_cmd_headers,
+    response = rest_api_request(token, "PATCH", api_cmd, api_cmd_headers,
                                 json.dumps(api_cmd_payload), timeout)
 
     return response
@@ -45,6 +52,7 @@ def lock_pre_check(hostname, timeout):
     """
         Sends a Lock Pre-Check command to SM.
         """
+    token = _get_token()
     api_cmd = SM_API_PATH
     api_cmd += "/v1/servicenode/%s" % hostname
 
@@ -59,7 +67,7 @@ def lock_pre_check(hostname, timeout):
     api_cmd_payload['oper'] = "unknown"
     api_cmd_payload['avail'] = ""
 
-    response = rest_api_request(None, "PATCH", api_cmd, api_cmd_headers,
+    response = rest_api_request(token, "PATCH", api_cmd, api_cmd_headers,
                                 json.dumps(api_cmd_payload), timeout)
 
     return response
@@ -69,6 +77,7 @@ def service_list():
     """
     Sends a service list command to SM.
     """
+    token = _get_token()
     api_cmd = SM_API_PATH
     api_cmd += "/v1/services"
 
@@ -77,7 +86,7 @@ def service_list():
     api_cmd_headers['Accept'] = "application/json"
     api_cmd_headers['User-Agent'] = "sysinv/1.0"
 
-    response = rest_api_request(None, "GET", api_cmd, api_cmd_headers, None)
+    response = rest_api_request(token, "GET", api_cmd, api_cmd_headers, None)
 
     return response
 
@@ -86,6 +95,7 @@ def service_show(hostname):
     """
     Sends a service show command to SM.
     """
+    token = _get_token()
     api_cmd = SM_API_PATH
     api_cmd += "/v1/services/%s" % hostname
 
@@ -94,7 +104,7 @@ def service_show(hostname):
     api_cmd_headers['Accept'] = "application/json"
     api_cmd_headers['User-Agent'] = "sysinv/1.0"
 
-    response = rest_api_request(None, "GET", api_cmd, api_cmd_headers, None)
+    response = rest_api_request(token, "GET", api_cmd, api_cmd_headers, None)
     return response
 
 
@@ -102,6 +112,7 @@ def servicenode_list():
     """
     Sends a service list command to SM.
     """
+    token = _get_token()
     api_cmd = SM_API_PATH
     api_cmd += "/v1/nodes"
 
@@ -110,7 +121,7 @@ def servicenode_list():
     api_cmd_headers['Accept'] = "application/json"
     api_cmd_headers['User-Agent'] = "sysinv/1.0"
 
-    response = rest_api_request(None, "GET", api_cmd, api_cmd_headers, None)
+    response = rest_api_request(token, "GET", api_cmd, api_cmd_headers, None)
 
     return response
 
@@ -119,6 +130,7 @@ def servicenode_show(hostname):
     """
     Sends a service show command to SM.
     """
+    token = _get_token()
     api_cmd = SM_API_PATH
     api_cmd += "/v1/nodes/%s" % hostname
 
@@ -127,7 +139,7 @@ def servicenode_show(hostname):
     api_cmd_headers['Accept'] = "application/json"
     api_cmd_headers['User-Agent'] = "sysinv/1.0"
 
-    response = rest_api_request(None, "GET", api_cmd, api_cmd_headers, None)
+    response = rest_api_request(token, "GET", api_cmd, api_cmd_headers, None)
 
     return response
 
@@ -136,6 +148,7 @@ def sm_servicegroup_list():
     """
     Sends a service list command to SM.
     """
+    token = _get_token()
     api_cmd = SM_API_PATH
     api_cmd += "/v1/sm_sda"
 
@@ -144,7 +157,7 @@ def sm_servicegroup_list():
     api_cmd_headers['Accept'] = "application/json"
     api_cmd_headers['User-Agent'] = "sysinv/1.0"
 
-    response = rest_api_request(None, "GET", api_cmd, api_cmd_headers, None)
+    response = rest_api_request(token, "GET", api_cmd, api_cmd_headers, None)
 
     # rename the obsolete sm_sda to sm_servicegroups
     if isinstance(response, dict):
@@ -158,6 +171,7 @@ def sm_servicegroup_show(hostname):
     """
     Sends a service show command to SM.
     """
+    token = _get_token()
     api_cmd = SM_API_PATH
     api_cmd += "/v1/sm_sda/%s" % hostname
 
@@ -166,6 +180,6 @@ def sm_servicegroup_show(hostname):
     api_cmd_headers['Accept'] = "application/json"
     api_cmd_headers['User-Agent'] = "sysinv/1.0"
 
-    response = rest_api_request(None, "GET", api_cmd, api_cmd_headers, None)
+    response = rest_api_request(token, "GET", api_cmd, api_cmd_headers, None)
 
     return response

sysinv/sysinv/sysinv/sysinv/puppet/puppet.py

@@ -49,6 +49,7 @@ from . import storage
 from . import device
 from . import service_parameter
 from . import kubernetes
+from . import smapi
 
 
 LOG = logging.getLogger(__name__)
@@ -103,6 +104,7 @@ class PuppetOperator(object):
         self.ironic = ironic.IronicPuppet(self)
         self.kubernetes = kubernetes.KubernetesPuppet(self)
         self.service_parameter = service_parameter.ServiceParamPuppet(self)
+        self.smapi = smapi.SmPuppet(self)
 
     @property
     def context(self):
@@ -143,6 +145,7 @@ class PuppetOperator(object):
             config.update(self.ldap.get_static_config())
             config.update(self.dcmanager.get_static_config())
             config.update(self.dcorch.get_static_config())
+            config.update(self.smapi.get_static_config())
 
             filename = 'static.yaml'
             self._write_config(filename, config)
@@ -186,6 +189,7 @@ class PuppetOperator(object):
             config.update(self.panko.get_secure_static_config())
             config.update(self.dcmanager.get_secure_static_config())
             config.update(self.dcorch.get_secure_static_config())
+            config.update(self.smapi.get_secure_static_config())
 
             filename = 'secure_static.yaml'
             self._write_config(filename, config)
@@ -224,6 +228,7 @@ class PuppetOperator(object):
             config.update(self.dcmanager.get_system_config())
             config.update(self.dcorch.get_system_config())
             config.update(self.kubernetes.get_system_config())
+            config.update(self.smapi.get_system_config())
             # service_parameter must be last to permit overrides
             config.update(self.service_parameter.get_system_config())
 
@@ -295,6 +300,7 @@ class PuppetOperator(object):
             config.update(self.device.get_host_config(host))
             config.update(self.nova.get_host_config(host))
             config.update(self.neutron.get_host_config(host))
+            config.update(self.smapi.get_host_config(host))
             # service_parameter must be last to permit overrides
             config.update(self.service_parameter.get_host_config(host))
 

sysinv/sysinv/sysinv/sysinv/puppet/smapi.py

@@ -0,0 +1,71 @@
+#
+# Copyright (c) 2018 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+from . import openstack
+
+
+class SmPuppet(openstack.OpenstackBasePuppet):
+    """Class to encapsulate puppet operations for sm configuration"""
+
+    SERVICE_NAME = 'smapi'
+    SERVICE_PORT = 7777
+
+    def get_static_config(self):
+        config = {
+            'platform::smapi::params::auth_username': self.SERVICE_NAME,
+        }
+        return config
+
+    def get_secure_static_config(self):
+        kspass = self._get_service_password(self.SERVICE_NAME)
+
+        config = {
+            'smapi::keystone::auth::password': kspass,
+            'smapi::keystone::authtoken::password': kspass,
+            'smapi::auth::auth_password': kspass,
+            'platform::smapi::params::keystone_password': kspass,
+        }
+        return config
+
+    def get_system_config(self):
+        ksuser = self._get_service_user_name(self.SERVICE_NAME)
+        kspass = self._get_service_password(self.SERVICE_NAME)
+
+        config = {
+            'smapi::keystone::authtoken::username': ksuser,
+            'smapi::keystone::authtoken::auth_url': self._keystone_identity_uri(),
+            'smapi::keystone::auth::auth_name': ksuser,
+            'smapi::keystone::auth::public_url': self.get_public_url(),
+            'smapi::keystone::auth::region': self._region_name(),
+            'smapi::keystone::auth::admin_url': self.get_admin_url(),
+            'smapi::keystone::auth::internal_url': self.get_internal_url(),
+
+            'platform::smapi::params::admin_url': self.get_admin_url(),
+            'platform::smapi::params::internal_url': self.get_internal_url(),
+            'platform::smapi::params::keystone_auth_url': self._keystone_identity_uri(),
+            'platform::smapi::params::keystone_username': ksuser,
+            'platform::smapi::params::public_url': self.get_public_url(),
+            'platform::smapi::params::port': self.SERVICE_PORT,
+            'platform::smapi::params::region': self._region_name(),
+        }
+
+        return config
+
+    def get_host_config(self, host):
+        config = {
+            'platform::smapi::params::bind_ip': host.hostname,
+        }
+
+        return config
+
+    def get_public_url(self):
+        return self._format_public_endpoint(self.SERVICE_PORT)
+
+    def get_internal_url(self):
+        return self._format_private_endpoint(self.SERVICE_PORT)
+
+    def get_admin_url(self):
+        return self._format_private_endpoint(self.SERVICE_PORT)