diff --git a/centos_pkg_dirs b/centos_pkg_dirs index b60d9d3c85..f16bc3eabe 100644 --- a/centos_pkg_dirs +++ b/centos_pkg_dirs @@ -16,3 +16,4 @@ puppet-modules-wrs/puppet-patching puppet-modules-wrs/puppet-sysinv puppet-modules-wrs/puppet-dcorch puppet-modules-wrs/puppet-dcmanager +puppet-modules-wrs/puppet-smapi diff --git a/puppet-manifests/centos/puppet-manifests.spec b/puppet-manifests/centos/puppet-manifests.spec index 7dbaca964e..d3f6904765 100644 --- a/puppet-manifests/centos/puppet-manifests.spec +++ b/puppet-manifests/centos/puppet-manifests.spec @@ -20,6 +20,7 @@ Requires: puppet-nova_api_proxy Requires: puppet-patching Requires: puppet-sysinv Requires: puppet-sshd +Requires: puppet-smapi # Openstack puppet modules Requires: puppet-aodh diff --git a/puppet-manifests/src/manifests/controller.pp b/puppet-manifests/src/manifests/controller.pp index d01485b7f5..89e733c41d 100644 --- a/puppet-manifests/src/manifests/controller.pp +++ b/puppet-manifests/src/manifests/controller.pp @@ -120,6 +120,7 @@ include ::platform::dcmanager::api include ::platform::dcorch::snmp +include ::platform::smapi include ::platform::sm class { '::platform::config::controller::post': diff --git a/puppet-manifests/src/modules/openstack/manifests/keystone.pp b/puppet-manifests/src/modules/openstack/manifests/keystone.pp index 512f911f78..500e29b14f 100644 --- a/puppet-manifests/src/modules/openstack/manifests/keystone.pp +++ b/puppet-manifests/src/modules/openstack/manifests/keystone.pp @@ -386,6 +386,9 @@ class openstack::keystone::endpoint::runtime { include ::dcorch::keystone::auth include ::dcmanager::keystone::auth } + + include ::smapi::keystone::auth + } } diff --git a/puppet-manifests/src/modules/platform/manifests/smapi.pp b/puppet-manifests/src/modules/platform/manifests/smapi.pp new file mode 100644 index 0000000000..1a87148c6f --- /dev/null +++ b/puppet-manifests/src/modules/platform/manifests/smapi.pp @@ -0,0 +1,60 @@ +class platform::smapi::params ( + $auth_username = undef, + $keystone_auth_url = undef, + $keystone_username = undef, + $keystone_password = undef, + $public_url = undef, + $admin_url = undef, + $bind_ip = undef, + $port = undef, + $region = undef, +) {} + +class platform::smap::firewall + inherits ::platform::smapi::params { + + platform::firewall::rule { 'sm-api': + service_name => 'sm-api', + ports => $port, + } +} + +class platform::smapi::haproxy + inherits ::platform::smapi::params { + + include ::platform::params + include ::platform::haproxy::params + + platform::haproxy::proxy { 'sm-api-internal': + server_name => 's-smapi-internal', + public_ip_address => $::platform::haproxy::params::private_ip_address, + public_port => $port, + private_ip_address => $bind_ip, + private_port => $port, + } + platform::haproxy::proxy { 'sm-api-public': + server_name => 's-smapi-public', + public_port => $port, + private_port => $port, + } +} + +class platform::smapi + inherits ::platform::smapi::params { + if ($::platform::params::init_keystone) { + include ::smapi::keystone::auth + } + + include ::platform::params + include ::platform::smap::firewall + include ::platform::smapi::haproxy + $bind_host_name = $::platform::params::hostname + file { "/etc/sm-api/sm-api.conf": + ensure => 'present', + content => template('platform/sm-api.conf.erb'), + owner => 'root', + group => 'root', + mode => '0400', + } +} + diff --git a/puppet-manifests/src/modules/platform/templates/sm-api.conf.erb b/puppet-manifests/src/modules/platform/templates/sm-api.conf.erb new file mode 100644 index 0000000000..5b1146c8fb --- /dev/null +++ b/puppet-manifests/src/modules/platform/templates/sm-api.conf.erb @@ -0,0 +1,21 @@ +# +# Config file for sm-api. +# +[DEFAULT] +sm_api_port=<%= @port %> +sm_api_bind_ip=<%= @bind_host_name %> +api_public_url=<%= @public_url %> +api_admin_url=<%= @admin_url %> + +[keystone_authtoken] +auth_type=password +auth_url=<%= @keystone_auth_url %> +auth_uri=<%= @keystone_auth_url %> +username=<%= @keystone_username %> +password=<%= @keystone_password %> +project_domain_name=Default +project_name=services +user_domain_name=Default +user_name=<%= @keystone_username %> +region_name=<%= @region %> + diff --git a/puppet-modules-wrs/puppet-smapi/PKG_INFO b/puppet-modules-wrs/puppet-smapi/PKG_INFO new file mode 100644 index 0000000000..b508066de0 --- /dev/null +++ b/puppet-modules-wrs/puppet-smapi/PKG_INFO @@ -0,0 +1,2 @@ +Name: puppet-smapi +Version: 1.0.0 diff --git a/puppet-modules-wrs/puppet-smapi/centos/build_srpm.data b/puppet-modules-wrs/puppet-smapi/centos/build_srpm.data new file mode 100644 index 0000000000..3f8ebcf32e --- /dev/null +++ b/puppet-modules-wrs/puppet-smapi/centos/build_srpm.data @@ -0,0 +1,2 @@ +SRC_DIR="src" +TIS_PATCH_VER=1 diff --git a/puppet-modules-wrs/puppet-smapi/centos/puppet-smapi.spec b/puppet-modules-wrs/puppet-smapi/centos/puppet-smapi.spec new file mode 100644 index 0000000000..7dcde56ac0 --- /dev/null +++ b/puppet-modules-wrs/puppet-smapi/centos/puppet-smapi.spec @@ -0,0 +1,32 @@ +%global module_dir smapi + +Name: puppet-%{module_dir} +Version: 1.0.0 +Release: %{tis_patch_ver}%{?_tis_dist} +Summary: Puppet smapi module +License: Apache-2.0 +Packager: Wind River + +URL: unknown + +Source0: %{name}-%{version}.tar.gz + +BuildArch: noarch + +BuildRequires: python2-devel + +%description +A puppet module for smapi + +%prep +%autosetup -c %{module_dir} + +# +# The src for this puppet module needs to be staged to puppet/modules +# +%install +install -d -m 0755 %{buildroot}%{_datadir}/puppet/modules/%{module_dir} +cp -R %{name}-%{version}/%{module_dir} %{buildroot}%{_datadir}/puppet/modules + +%files +%{_datadir}/puppet/modules/%{module_dir} diff --git a/puppet-modules-wrs/puppet-smapi/src/LICENSE b/puppet-modules-wrs/puppet-smapi/src/LICENSE new file mode 100644 index 0000000000..d645695673 --- /dev/null +++ b/puppet-modules-wrs/puppet-smapi/src/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/puppet-modules-wrs/puppet-smapi/src/smapi/manifests/keystone/auth.pp b/puppet-modules-wrs/puppet-smapi/src/smapi/manifests/keystone/auth.pp new file mode 100644 index 0000000000..14d77ad4f9 --- /dev/null +++ b/puppet-modules-wrs/puppet-smapi/src/smapi/manifests/keystone/auth.pp @@ -0,0 +1,48 @@ +# +# Files in this package are licensed under Apache; see LICENSE file. +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + + +# == Class: smapi::keystone::auth +# +# Configures smapi user, service and endpoint in Keystone. +# + +class smapi::keystone::auth ( + $configure_endpoint = true, + $configure_user = true, + $configure_user_role = true, + $password = 'passwd', + $auth_name = 'smapi', + $public_url = 'http://127.0.0.1:7777', + $admin_url = 'http://127.0.0.1:7777', + $internal_url = 'http://127.0.0.1:7777', + $tenant = 'services', + $region = 'RegionOne', + $service_description = 'sm-api service', + $service_name = 'smapi', + $service_type = 'smapi', +) { + + $real_service_name = pick($service_name, $auth_name) + + keystone::resource::service_identity { $auth_name: + configure_endpoint => $configure_endpoint, + configure_user => $configure_user, + configure_user_role => $configure_user_role, + password => $password, + auth_name => $auth_name, + public_url => $public_url, + admin_url => $admin_url, + internal_url => $internal_url, + tenant => $tenant, + region => $region, + service_description => $service_description, + service_name => $real_service_name, + service_type => $service_type, + } +} diff --git a/sysinv/cgts-client/cgts-client/cgtsclient/client.py b/sysinv/cgts-client/cgts-client/cgtsclient/client.py index a47e10e24f..c60df0b6a7 100644 --- a/sysinv/cgts-client/cgts-client/cgtsclient/client.py +++ b/sysinv/cgts-client/cgts-client/cgtsclient/client.py @@ -1,5 +1,5 @@ # -# Copyright (c) 2013-2014 Wind River Systems, Inc. +# Copyright (c) 2013-2018 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -32,6 +32,14 @@ def _get_ksclient(**kwargs): cacert=kwargs.get('os_cacert')) +def _get_sm_endpoint(client, **kwargs): + """Get an endpoint for smapi using the provided keystone client.""" + return client.auth_ref.service_catalog.url_for( + service_type=kwargs.get('service_name') or 'smapi', + endpoint_type=kwargs.get('endpoint_type') or 'public', + region_name=kwargs.get('os_region_name') or 'RegionOne') + + def _get_endpoint(client, **kwargs): """Get an endpoint using the provided keystone client.""" return client.auth_ref.service_catalog.url_for( @@ -106,6 +114,7 @@ def get_client(api_version, **kwargs): 'and token')) raise exc.AmbigiousAuthSystem(e) + smapi_endpoint = _get_sm_endpoint(_ksclient, **ep_kwargs) cli_kwargs = { 'token': token, 'insecure': kwargs.get('insecure'), @@ -116,7 +125,7 @@ def get_client(api_version, **kwargs): 'key_file': kwargs.get('key_file'), 'auth_ref': auth_ref, 'auth_url': kwargs.get('os_auth_url'), - 'smapi_endpoint': 'http:localhost:7777', + 'smapi_endpoint': smapi_endpoint, } return Client(api_version, endpoint, **cli_kwargs) diff --git a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/sm_api.py b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/sm_api.py index 58aecbc506..2ca68fa57a 100755 --- a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/sm_api.py +++ b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/sm_api.py @@ -1,12 +1,14 @@ # -# Copyright (c) 2016 Wind River Systems, Inc. +# Copyright (c) 2016-2018 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # import json +import pecan import socket +from rest_api import get_token from rest_api import rest_api_request - +from sysinv.common.constants import REGION_ONE_NAME from sysinv.openstack.common import log LOG = log.getLogger(__name__) @@ -17,10 +19,15 @@ SM_API_PATH = "http://{host}:{port}".\ format(host=SM_API_HOST, port=SM_API_PORT) +def _get_token(): + system = pecan.request.dbapi.isystem_get_one() + return get_token(system.region_name) + def swact_pre_check(hostname, timeout): """ Sends a Swact Pre-Check command to SM. """ + token = _get_token() api_cmd = SM_API_PATH api_cmd += "/v1/servicenode/%s" % hostname @@ -35,7 +42,7 @@ def swact_pre_check(hostname, timeout): api_cmd_payload['oper'] = "unknown" api_cmd_payload['avail'] = "" - response = rest_api_request(None, "PATCH", api_cmd, api_cmd_headers, + response = rest_api_request(token, "PATCH", api_cmd, api_cmd_headers, json.dumps(api_cmd_payload), timeout) return response @@ -45,6 +52,7 @@ def lock_pre_check(hostname, timeout): """ Sends a Lock Pre-Check command to SM. """ + token = _get_token() api_cmd = SM_API_PATH api_cmd += "/v1/servicenode/%s" % hostname @@ -59,7 +67,7 @@ def lock_pre_check(hostname, timeout): api_cmd_payload['oper'] = "unknown" api_cmd_payload['avail'] = "" - response = rest_api_request(None, "PATCH", api_cmd, api_cmd_headers, + response = rest_api_request(token, "PATCH", api_cmd, api_cmd_headers, json.dumps(api_cmd_payload), timeout) return response @@ -69,6 +77,7 @@ def service_list(): """ Sends a service list command to SM. """ + token = _get_token() api_cmd = SM_API_PATH api_cmd += "/v1/services" @@ -77,7 +86,7 @@ def service_list(): api_cmd_headers['Accept'] = "application/json" api_cmd_headers['User-Agent'] = "sysinv/1.0" - response = rest_api_request(None, "GET", api_cmd, api_cmd_headers, None) + response = rest_api_request(token, "GET", api_cmd, api_cmd_headers, None) return response @@ -86,6 +95,7 @@ def service_show(hostname): """ Sends a service show command to SM. """ + token = _get_token() api_cmd = SM_API_PATH api_cmd += "/v1/services/%s" % hostname @@ -94,7 +104,7 @@ def service_show(hostname): api_cmd_headers['Accept'] = "application/json" api_cmd_headers['User-Agent'] = "sysinv/1.0" - response = rest_api_request(None, "GET", api_cmd, api_cmd_headers, None) + response = rest_api_request(token, "GET", api_cmd, api_cmd_headers, None) return response @@ -102,6 +112,7 @@ def servicenode_list(): """ Sends a service list command to SM. """ + token = _get_token() api_cmd = SM_API_PATH api_cmd += "/v1/nodes" @@ -110,7 +121,7 @@ def servicenode_list(): api_cmd_headers['Accept'] = "application/json" api_cmd_headers['User-Agent'] = "sysinv/1.0" - response = rest_api_request(None, "GET", api_cmd, api_cmd_headers, None) + response = rest_api_request(token, "GET", api_cmd, api_cmd_headers, None) return response @@ -119,6 +130,7 @@ def servicenode_show(hostname): """ Sends a service show command to SM. """ + token = _get_token() api_cmd = SM_API_PATH api_cmd += "/v1/nodes/%s" % hostname @@ -127,7 +139,7 @@ def servicenode_show(hostname): api_cmd_headers['Accept'] = "application/json" api_cmd_headers['User-Agent'] = "sysinv/1.0" - response = rest_api_request(None, "GET", api_cmd, api_cmd_headers, None) + response = rest_api_request(token, "GET", api_cmd, api_cmd_headers, None) return response @@ -136,6 +148,7 @@ def sm_servicegroup_list(): """ Sends a service list command to SM. """ + token = _get_token() api_cmd = SM_API_PATH api_cmd += "/v1/sm_sda" @@ -144,7 +157,7 @@ def sm_servicegroup_list(): api_cmd_headers['Accept'] = "application/json" api_cmd_headers['User-Agent'] = "sysinv/1.0" - response = rest_api_request(None, "GET", api_cmd, api_cmd_headers, None) + response = rest_api_request(token, "GET", api_cmd, api_cmd_headers, None) # rename the obsolete sm_sda to sm_servicegroups if isinstance(response, dict): @@ -158,6 +171,7 @@ def sm_servicegroup_show(hostname): """ Sends a service show command to SM. """ + token = _get_token() api_cmd = SM_API_PATH api_cmd += "/v1/sm_sda/%s" % hostname @@ -166,6 +180,6 @@ def sm_servicegroup_show(hostname): api_cmd_headers['Accept'] = "application/json" api_cmd_headers['User-Agent'] = "sysinv/1.0" - response = rest_api_request(None, "GET", api_cmd, api_cmd_headers, None) + response = rest_api_request(token, "GET", api_cmd, api_cmd_headers, None) return response diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/puppet.py b/sysinv/sysinv/sysinv/sysinv/puppet/puppet.py index 15a763e0d8..1d1fe9c3fc 100644 --- a/sysinv/sysinv/sysinv/sysinv/puppet/puppet.py +++ b/sysinv/sysinv/sysinv/sysinv/puppet/puppet.py @@ -49,6 +49,7 @@ from . import storage from . import device from . import service_parameter from . import kubernetes +from . import smapi LOG = logging.getLogger(__name__) @@ -103,6 +104,7 @@ class PuppetOperator(object): self.ironic = ironic.IronicPuppet(self) self.kubernetes = kubernetes.KubernetesPuppet(self) self.service_parameter = service_parameter.ServiceParamPuppet(self) + self.smapi = smapi.SmPuppet(self) @property def context(self): @@ -143,6 +145,7 @@ class PuppetOperator(object): config.update(self.ldap.get_static_config()) config.update(self.dcmanager.get_static_config()) config.update(self.dcorch.get_static_config()) + config.update(self.smapi.get_static_config()) filename = 'static.yaml' self._write_config(filename, config) @@ -186,6 +189,7 @@ class PuppetOperator(object): config.update(self.panko.get_secure_static_config()) config.update(self.dcmanager.get_secure_static_config()) config.update(self.dcorch.get_secure_static_config()) + config.update(self.smapi.get_secure_static_config()) filename = 'secure_static.yaml' self._write_config(filename, config) @@ -224,6 +228,7 @@ class PuppetOperator(object): config.update(self.dcmanager.get_system_config()) config.update(self.dcorch.get_system_config()) config.update(self.kubernetes.get_system_config()) + config.update(self.smapi.get_system_config()) # service_parameter must be last to permit overrides config.update(self.service_parameter.get_system_config()) @@ -295,6 +300,7 @@ class PuppetOperator(object): config.update(self.device.get_host_config(host)) config.update(self.nova.get_host_config(host)) config.update(self.neutron.get_host_config(host)) + config.update(self.smapi.get_host_config(host)) # service_parameter must be last to permit overrides config.update(self.service_parameter.get_host_config(host)) diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/smapi.py b/sysinv/sysinv/sysinv/sysinv/puppet/smapi.py new file mode 100644 index 0000000000..bf7248fbcc --- /dev/null +++ b/sysinv/sysinv/sysinv/sysinv/puppet/smapi.py @@ -0,0 +1,71 @@ +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from . import openstack + + +class SmPuppet(openstack.OpenstackBasePuppet): + """Class to encapsulate puppet operations for sm configuration""" + + SERVICE_NAME = 'smapi' + SERVICE_PORT = 7777 + + def get_static_config(self): + config = { + 'platform::smapi::params::auth_username': self.SERVICE_NAME, + } + return config + + def get_secure_static_config(self): + kspass = self._get_service_password(self.SERVICE_NAME) + + config = { + 'smapi::keystone::auth::password': kspass, + 'smapi::keystone::authtoken::password': kspass, + 'smapi::auth::auth_password': kspass, + 'platform::smapi::params::keystone_password': kspass, + } + return config + + def get_system_config(self): + ksuser = self._get_service_user_name(self.SERVICE_NAME) + kspass = self._get_service_password(self.SERVICE_NAME) + + config = { + 'smapi::keystone::authtoken::username': ksuser, + 'smapi::keystone::authtoken::auth_url': self._keystone_identity_uri(), + 'smapi::keystone::auth::auth_name': ksuser, + 'smapi::keystone::auth::public_url': self.get_public_url(), + 'smapi::keystone::auth::region': self._region_name(), + 'smapi::keystone::auth::admin_url': self.get_admin_url(), + 'smapi::keystone::auth::internal_url': self.get_internal_url(), + + 'platform::smapi::params::admin_url': self.get_admin_url(), + 'platform::smapi::params::internal_url': self.get_internal_url(), + 'platform::smapi::params::keystone_auth_url': self._keystone_identity_uri(), + 'platform::smapi::params::keystone_username': ksuser, + 'platform::smapi::params::public_url': self.get_public_url(), + 'platform::smapi::params::port': self.SERVICE_PORT, + 'platform::smapi::params::region': self._region_name(), + } + + return config + + def get_host_config(self, host): + config = { + 'platform::smapi::params::bind_ip': host.hostname, + } + + return config + + def get_public_url(self): + return self._format_public_endpoint(self.SERVICE_PORT) + + def get_internal_url(self): + return self._format_private_endpoint(self.SERVICE_PORT) + + def get_admin_url(self): + return self._format_private_endpoint(self.SERVICE_PORT)