Generate openrc file in /etc/platform
Create the platform openrc file in /etc/platform, while leaving existing /etc/nova/openrc file alone for now. New platform/client.pp file is created and most of the contents of openstack/client.pp moved there. openstack/client.pp can be removed once kubernetes is the default. Change-Id: Ib6de59da6dfc9f34a24054405b6cda30d0b74ac1 Story: 2002876 Task: 27499 Signed-off-by: Kevin Smith <kevin.smith@windriver.com>
This commit is contained in:
Kevin Smith
@@ -31,10 +31,11 @@ class OpenStack(object):
|
|||||||
self.conf = {}
|
self.conf = {}
|
||||||
self._sysinv = None
|
self._sysinv = None
|
||||||
|
|
||||||
|
source_command = 'source /etc/platform/openrc && env'
|
||||||
|
|
||||||
with open(os.devnull, "w") as fnull:
|
with open(os.devnull, "w") as fnull:
|
||||||
proc = subprocess.Popen(
|
proc = subprocess.Popen(
|
||||||
['bash', '-c',
|
['bash', '-c', source_command],
|
||||||
'source /etc/nova/openrc && env'],
|
|
||||||
stdout=subprocess.PIPE, stderr=fnull)
|
stdout=subprocess.PIPE, stderr=fnull)
|
||||||
|
|
||||||
for line in proc.stdout:
|
for line in proc.stdout:
|
||||||
|
|||||||
@@ -776,9 +776,9 @@ def migrate_hiera_data(from_release, to_release):
|
|||||||
static_config = yaml.load(yaml_file)
|
static_config = yaml.load(yaml_file)
|
||||||
static_config.update({
|
static_config.update({
|
||||||
'platform::params::software_version': SW_VERSION,
|
'platform::params::software_version': SW_VERSION,
|
||||||
'openstack::client::credentials::params::keyring_directory':
|
'platform::client::credentials::params::keyring_directory':
|
||||||
KEYRING_PATH,
|
KEYRING_PATH,
|
||||||
'openstack::client::credentials::params::keyring_file':
|
'platform::client::credentials::params::keyring_file':
|
||||||
os.path.join(KEYRING_PATH, '.CREDENTIAL'),
|
os.path.join(KEYRING_PATH, '.CREDENTIAL'),
|
||||||
})
|
})
|
||||||
with open(static_file, 'w') as yaml_file:
|
with open(static_file, 'w') as yaml_file:
|
||||||
|
|||||||
@@ -128,26 +128,26 @@ def get_upgrade_token(from_release,
|
|||||||
system_config['openstack::keystone::params::api_version'])
|
system_config['openstack::keystone::params::api_version'])
|
||||||
|
|
||||||
admin_user_domain = system_config.get(
|
admin_user_domain = system_config.get(
|
||||||
'openstack::client::params::admin_user_domain')
|
'platform::client::params::admin_user_domain')
|
||||||
if admin_user_domain is None:
|
if admin_user_domain is None:
|
||||||
# This value wasn't present in R2. So may be missing in upgrades from
|
# This value wasn't present in R2. So may be missing in upgrades from
|
||||||
# that release
|
# that release
|
||||||
LOG.info("openstack::client::params::admin_user_domain key not found. "
|
LOG.info("platform::client::params::admin_user_domain key not found. "
|
||||||
"Using Default.")
|
"Using Default.")
|
||||||
admin_user_domain = DEFAULT_DOMAIN_NAME
|
admin_user_domain = DEFAULT_DOMAIN_NAME
|
||||||
|
|
||||||
admin_project_domain = system_config.get(
|
admin_project_domain = system_config.get(
|
||||||
'openstack::client::params::admin_project_domain')
|
'platform::client::params::admin_project_domain')
|
||||||
if admin_project_domain is None:
|
if admin_project_domain is None:
|
||||||
# This value wasn't present in R2. So may be missing in upgrades from
|
# This value wasn't present in R2. So may be missing in upgrades from
|
||||||
# that release
|
# that release
|
||||||
LOG.info("openstack::client::params::admin_project_domain key not "
|
LOG.info("platform::client::params::admin_project_domain key not "
|
||||||
"found. Using Default.")
|
"found. Using Default.")
|
||||||
admin_project_domain = DEFAULT_DOMAIN_NAME
|
admin_project_domain = DEFAULT_DOMAIN_NAME
|
||||||
|
|
||||||
admin_password = get_password_from_keyring("CGCS", "admin")
|
admin_password = get_password_from_keyring("CGCS", "admin")
|
||||||
admin_username = system_config.get(
|
admin_username = system_config.get(
|
||||||
'openstack::client::params::admin_username')
|
'platform::client::params::admin_username')
|
||||||
|
|
||||||
# the upgrade token command
|
# the upgrade token command
|
||||||
keystone_upgrade_token = (
|
keystone_upgrade_token = (
|
||||||
|
|||||||
@@ -194,7 +194,7 @@ keystone::security_compliance::password_regex_description: 'Password must have a
|
|||||||
keystone::roles::admin::email: 'admin@localhost'
|
keystone::roles::admin::email: 'admin@localhost'
|
||||||
keystone::roles::admin::admin_tenant: 'admin'
|
keystone::roles::admin::admin_tenant: 'admin'
|
||||||
|
|
||||||
openstack::client::params::identity_auth_url: 'http://localhost:5000/v3'
|
platform::client::params::identity_auth_url: 'http://localhost:5000/v3'
|
||||||
|
|
||||||
# glance
|
# glance
|
||||||
glance::api::enabled: false
|
glance::api::enabled: false
|
||||||
|
|||||||
@@ -15,6 +15,7 @@ include ::platform::postgresql::bootstrap
|
|||||||
include ::platform::amqp::bootstrap
|
include ::platform::amqp::bootstrap
|
||||||
|
|
||||||
include ::openstack::keystone::bootstrap
|
include ::openstack::keystone::bootstrap
|
||||||
|
include ::platform::client::bootstrap
|
||||||
include ::openstack::client::bootstrap
|
include ::openstack::client::bootstrap
|
||||||
|
|
||||||
include ::platform::sysinv::bootstrap
|
include ::platform::sysinv::bootstrap
|
||||||
|
|||||||
@@ -34,6 +34,7 @@ include ::platform::filesystem::compute
|
|||||||
include ::platform::docker
|
include ::platform::docker
|
||||||
include ::platform::kubernetes::worker
|
include ::platform::kubernetes::worker
|
||||||
include ::platform::multipath
|
include ::platform::multipath
|
||||||
|
include ::platform::client
|
||||||
|
|
||||||
include ::openstack::client
|
include ::openstack::client
|
||||||
include ::openstack::neutron
|
include ::openstack::neutron
|
||||||
|
|||||||
@@ -67,7 +67,7 @@ include ::platform::fm
|
|||||||
include ::platform::fm::api
|
include ::platform::fm::api
|
||||||
|
|
||||||
include ::platform::multipath
|
include ::platform::multipath
|
||||||
|
include ::platform::client
|
||||||
include ::openstack::client
|
include ::openstack::client
|
||||||
include ::openstack::keystone
|
include ::openstack::keystone
|
||||||
include ::openstack::keystone::api
|
include ::openstack::keystone::api
|
||||||
|
|||||||
@@ -16,6 +16,7 @@ include ::platform::postgresql::upgrade
|
|||||||
include ::platform::amqp::upgrade
|
include ::platform::amqp::upgrade
|
||||||
|
|
||||||
include ::openstack::keystone::upgrade
|
include ::openstack::keystone::upgrade
|
||||||
|
include ::platform::client::upgrade
|
||||||
include ::openstack::client::upgrade
|
include ::openstack::client::upgrade
|
||||||
|
|
||||||
include ::openstack::murano::upgrade
|
include ::openstack::murano::upgrade
|
||||||
|
|||||||
@@ -1,19 +1,8 @@
|
|||||||
class openstack::client::params (
|
|
||||||
$admin_username,
|
|
||||||
$identity_auth_url,
|
|
||||||
$identity_region = 'RegionOne',
|
|
||||||
$identity_api_version = 3,
|
|
||||||
$admin_user_domain = 'Default',
|
|
||||||
$admin_project_domain = 'Default',
|
|
||||||
$admin_project_name = 'admin',
|
|
||||||
$keystone_identity_region = 'RegionOne',
|
|
||||||
) { }
|
|
||||||
|
|
||||||
class openstack::client
|
class openstack::client
|
||||||
inherits ::openstack::client::params {
|
inherits ::platform::client::params {
|
||||||
|
|
||||||
include ::openstack::client::credentials::params
|
include ::platform::client::credentials::params
|
||||||
$keyring_file = $::openstack::client::credentials::params::keyring_file
|
$keyring_file = $::platform::client::credentials::params::keyring_file
|
||||||
|
|
||||||
file {"/etc/nova/openrc":
|
file {"/etc/nova/openrc":
|
||||||
ensure => "present",
|
ensure => "present",
|
||||||
@@ -36,41 +25,8 @@ class openstack::client
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
class openstack::client::credentials::params (
|
|
||||||
$keyring_base,
|
|
||||||
$keyring_directory,
|
|
||||||
$keyring_file,
|
|
||||||
) { }
|
|
||||||
|
|
||||||
class openstack::client::credentials
|
|
||||||
inherits ::openstack::client::credentials::params {
|
|
||||||
|
|
||||||
Class['::platform::drbd::platform'] ->
|
|
||||||
file { "${keyring_base}":
|
|
||||||
ensure => 'directory',
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
mode => '0755',
|
|
||||||
} ->
|
|
||||||
file { "${keyring_directory}":
|
|
||||||
ensure => 'directory',
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
mode => '0755',
|
|
||||||
} ->
|
|
||||||
file { "${keyring_file}":
|
|
||||||
ensure => 'file',
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
mode => '0755',
|
|
||||||
content => "keyring get CGCS admin"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class openstack::client::bootstrap {
|
class openstack::client::bootstrap {
|
||||||
include ::openstack::client
|
include ::openstack::client
|
||||||
include ::openstack::client::credentials
|
|
||||||
}
|
}
|
||||||
|
|
||||||
class openstack::client::upgrade {
|
class openstack::client::upgrade {
|
||||||
|
|||||||
@@ -52,7 +52,7 @@ class openstack::keystone (
|
|||||||
$bind_host = $::platform::network::mgmt::params::controller_address_url
|
$bind_host = $::platform::network::mgmt::params::controller_address_url
|
||||||
}
|
}
|
||||||
|
|
||||||
Class[$name] -> Class['::openstack::client']
|
Class[$name] -> Class['::platform::client'] -> Class['::openstack::client']
|
||||||
|
|
||||||
include ::keystone::client
|
include ::keystone::client
|
||||||
|
|
||||||
@@ -215,7 +215,7 @@ class openstack::keystone::bootstrap(
|
|||||||
|
|
||||||
include ::keystone::db::postgresql
|
include ::keystone::db::postgresql
|
||||||
|
|
||||||
Class[$name] -> Class['::openstack::client']
|
Class[$name] -> Class['::platform::client'] -> Class['::openstack::client']
|
||||||
|
|
||||||
# Create the parent directory for fernet keys repository
|
# Create the parent directory for fernet keys repository
|
||||||
file { "${keystone_key_repo_path}":
|
file { "${keystone_key_repo_path}":
|
||||||
@@ -265,7 +265,7 @@ class openstack::keystone::reload {
|
|||||||
class openstack::keystone::endpointgroup
|
class openstack::keystone::endpointgroup
|
||||||
inherits ::openstack::keystone::params {
|
inherits ::openstack::keystone::params {
|
||||||
include ::platform::params
|
include ::platform::params
|
||||||
include ::openstack::client
|
include ::platform::client
|
||||||
|
|
||||||
# $::platform::params::init_keystone should be checked by the caller.
|
# $::platform::params::init_keystone should be checked by the caller.
|
||||||
# as this class should be only invoked when initializing keystone.
|
# as this class should be only invoked when initializing keystone.
|
||||||
@@ -274,12 +274,12 @@ class openstack::keystone::endpointgroup
|
|||||||
if ($::platform::params::distributed_cloud_role =='systemcontroller') {
|
if ($::platform::params::distributed_cloud_role =='systemcontroller') {
|
||||||
$reference_region = $::openstack::keystone::params::region_name
|
$reference_region = $::openstack::keystone::params::region_name
|
||||||
$system_controller_region = $::openstack::keystone::params::system_controller_region
|
$system_controller_region = $::openstack::keystone::params::system_controller_region
|
||||||
$os_username = $::openstack::client::params::admin_username
|
$os_username = $::platform::client::params::admin_username
|
||||||
$identity_region = $::openstack::client::params::identity_region
|
$identity_region = $::platform::client::params::identity_region
|
||||||
$keystone_region = $::openstack::client::params::keystone_identity_region
|
$keystone_region = $::platform::client::params::keystone_identity_region
|
||||||
$keyring_file = $::openstack::client::credentials::params::keyring_file
|
$keyring_file = $::platform::client::credentials::params::keyring_file
|
||||||
$auth_url = $::openstack::client::params::identity_auth_url
|
$auth_url = $::platform::client::params::identity_auth_url
|
||||||
$os_project_name = $::openstack::client::params::admin_project_name
|
$os_project_name = $::platform::client::params::admin_project_name
|
||||||
$api_version = 3
|
$api_version = 3
|
||||||
|
|
||||||
file { "/etc/keystone/keystone-${reference_region}-filter.conf":
|
file { "/etc/keystone/keystone-${reference_region}-filter.conf":
|
||||||
@@ -317,6 +317,7 @@ class openstack::keystone::endpointgroup
|
|||||||
|
|
||||||
|
|
||||||
class openstack::keystone::server::runtime {
|
class openstack::keystone::server::runtime {
|
||||||
|
include ::platform::client
|
||||||
include ::openstack::client
|
include ::openstack::client
|
||||||
include ::openstack::keystone
|
include ::openstack::keystone
|
||||||
|
|
||||||
|
|||||||
65
puppet-manifests/src/modules/platform/manifests/client.pp
Normal file
65
puppet-manifests/src/modules/platform/manifests/client.pp
Normal file
@@ -0,0 +1,65 @@
|
|||||||
|
class platform::client::params (
|
||||||
|
$admin_username,
|
||||||
|
$identity_auth_url,
|
||||||
|
$identity_region = 'RegionOne',
|
||||||
|
$identity_api_version = 3,
|
||||||
|
$admin_user_domain = 'Default',
|
||||||
|
$admin_project_domain = 'Default',
|
||||||
|
$admin_project_name = 'admin',
|
||||||
|
$keystone_identity_region = 'RegionOne',
|
||||||
|
) { }
|
||||||
|
|
||||||
|
class platform::client
|
||||||
|
inherits ::platform::client::params {
|
||||||
|
|
||||||
|
include ::platform::client::credentials::params
|
||||||
|
$keyring_file = $::platform::client::credentials::params::keyring_file
|
||||||
|
|
||||||
|
file {"/etc/platform/openrc":
|
||||||
|
ensure => "present",
|
||||||
|
mode => '0640',
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
content => template('platform/openrc.admin.erb'),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class platform::client::credentials::params (
|
||||||
|
$keyring_base,
|
||||||
|
$keyring_directory,
|
||||||
|
$keyring_file,
|
||||||
|
) { }
|
||||||
|
|
||||||
|
class platform::client::credentials
|
||||||
|
inherits ::platform::client::credentials::params {
|
||||||
|
|
||||||
|
Class['::platform::drbd::platform'] ->
|
||||||
|
file { "${keyring_base}":
|
||||||
|
ensure => 'directory',
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0755',
|
||||||
|
} ->
|
||||||
|
file { "${keyring_directory}":
|
||||||
|
ensure => 'directory',
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0755',
|
||||||
|
} ->
|
||||||
|
file { "${keyring_file}":
|
||||||
|
ensure => 'file',
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0755',
|
||||||
|
content => "keyring get CGCS admin"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class platform::client::bootstrap {
|
||||||
|
include ::platform::client
|
||||||
|
include ::platform::client::credentials
|
||||||
|
}
|
||||||
|
|
||||||
|
class platform::client::upgrade {
|
||||||
|
include ::platform::client
|
||||||
|
}
|
||||||
@@ -28,8 +28,8 @@ class platform::mtce
|
|||||||
include ::openstack::ceilometer::params
|
include ::openstack::ceilometer::params
|
||||||
$ceilometer_port = $::openstack::ceilometer::params::api_port
|
$ceilometer_port = $::openstack::ceilometer::params::api_port
|
||||||
|
|
||||||
include ::openstack::client::credentials::params
|
include ::platform::client::credentials::params
|
||||||
$keyring_directory = $::openstack::client::credentials::params::keyring_directory
|
$keyring_directory = $::platform::client::credentials::params::keyring_directory
|
||||||
|
|
||||||
file { "/etc/mtc.ini":
|
file { "/etc/mtc.ini":
|
||||||
ensure => present,
|
ensure => present,
|
||||||
|
|||||||
@@ -158,14 +158,14 @@ class platform::sm
|
|||||||
|
|
||||||
$ost_cl_ctrl_host = $::platform::network::mgmt::params::controller_address_url
|
$ost_cl_ctrl_host = $::platform::network::mgmt::params::controller_address_url
|
||||||
|
|
||||||
include ::openstack::client::params
|
include ::platform::client::params
|
||||||
|
|
||||||
$os_username = $::openstack::client::params::admin_username
|
$os_username = $::platform::client::params::admin_username
|
||||||
$os_project_name = 'admin'
|
$os_project_name = 'admin'
|
||||||
$os_auth_url = $os_keystone_auth_url
|
$os_auth_url = $os_keystone_auth_url
|
||||||
$system_url = "http://${ost_cl_ctrl_host}:6385"
|
$system_url = "http://${ost_cl_ctrl_host}:6385"
|
||||||
$os_user_domain_name = $::openstack::client::params::admin_user_domain
|
$os_user_domain_name = $::platform::client::params::admin_user_domain
|
||||||
$os_project_domain_name = $::openstack::client::params::admin_project_domain
|
$os_project_domain_name = $::platform::client::params::admin_project_domain
|
||||||
|
|
||||||
# Nova
|
# Nova
|
||||||
$db_server_port = '5432'
|
$db_server_port = '5432'
|
||||||
|
|||||||
@@ -0,0 +1,24 @@
|
|||||||
|
unset OS_SERVICE_TOKEN
|
||||||
|
|
||||||
|
export OS_ENDPOINT_TYPE=internalURL
|
||||||
|
export CINDER_ENDPOINT_TYPE=internalURL
|
||||||
|
|
||||||
|
export OS_USERNAME=<%= @admin_username %>
|
||||||
|
export OS_PASSWORD=`TERM=linux <%= @keyring_file %> 2>/dev/null`
|
||||||
|
export OS_AUTH_TYPE=password
|
||||||
|
export OS_AUTH_URL=<%= @identity_auth_url %>
|
||||||
|
|
||||||
|
export OS_PROJECT_NAME=<%= @admin_project_name %>
|
||||||
|
export OS_USER_DOMAIN_NAME=<%= @admin_user_domain %>
|
||||||
|
export OS_PROJECT_DOMAIN_NAME=<%= @admin_project_domain %>
|
||||||
|
export OS_IDENTITY_API_VERSION=<%= @identity_api_version %>
|
||||||
|
export OS_REGION_NAME=<%= @identity_region %>
|
||||||
|
export OS_KEYSTONE_REGION_NAME=<%= @keystone_identity_region %>
|
||||||
|
export OS_INTERFACE=internal
|
||||||
|
|
||||||
|
if [ ! -z "${OS_PASSWORD}" ]; then
|
||||||
|
export PS1='[\u@\h \W(keystone_$OS_USERNAME)]\$ '
|
||||||
|
else
|
||||||
|
echo 'Openstack Admin credentials can only be loaded from the active controller.'
|
||||||
|
export PS1='\h:\w\$ '
|
||||||
|
fi
|
||||||
@@ -46,13 +46,13 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
|
|||||||
return {
|
return {
|
||||||
'keystone::db::postgresql::user': dbuser,
|
'keystone::db::postgresql::user': dbuser,
|
||||||
|
|
||||||
'openstack::client::params::admin_username': admin_username,
|
'platform::client::params::admin_username': admin_username,
|
||||||
|
|
||||||
'openstack::client::credentials::params::keyring_base':
|
'platform::client::credentials::params::keyring_base':
|
||||||
os.path.dirname(tsconfig.KEYRING_PATH),
|
os.path.dirname(tsconfig.KEYRING_PATH),
|
||||||
'openstack::client::credentials::params::keyring_directory':
|
'platform::client::credentials::params::keyring_directory':
|
||||||
tsconfig.KEYRING_PATH,
|
tsconfig.KEYRING_PATH,
|
||||||
'openstack::client::credentials::params::keyring_file':
|
'platform::client::credentials::params::keyring_file':
|
||||||
os.path.join(tsconfig.KEYRING_PATH, '.CREDENTIAL'),
|
os.path.join(tsconfig.KEYRING_PATH, '.CREDENTIAL'),
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -93,17 +93,17 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
|
|||||||
|
|
||||||
'keystone::roles::admin::admin': admin_username,
|
'keystone::roles::admin::admin': admin_username,
|
||||||
|
|
||||||
'openstack::client::params::admin_username': admin_username,
|
'platform::client::params::admin_username': admin_username,
|
||||||
'openstack::client::params::admin_project_name': admin_project,
|
'platform::client::params::admin_project_name': admin_project,
|
||||||
'openstack::client::params::admin_user_domain':
|
'platform::client::params::admin_user_domain':
|
||||||
self.get_admin_user_domain(),
|
self.get_admin_user_domain(),
|
||||||
'openstack::client::params::admin_project_domain':
|
'platform::client::params::admin_project_domain':
|
||||||
self.get_admin_project_domain(),
|
self.get_admin_project_domain(),
|
||||||
'openstack::client::params::identity_region': self._region_name(),
|
'platform::client::params::identity_region': self._region_name(),
|
||||||
'openstack::client::params::identity_auth_url': self.get_auth_url(),
|
'platform::client::params::identity_auth_url': self.get_auth_url(),
|
||||||
'openstack::client::params::keystone_identity_region':
|
'platform::client::params::keystone_identity_region':
|
||||||
self._identity_specific_region_name(),
|
self._identity_specific_region_name(),
|
||||||
'openstack::client::params::auth_region':
|
'platform::client::params::auth_region':
|
||||||
self._identity_specific_region_name(),
|
self._identity_specific_region_name(),
|
||||||
'openstack::keystone::params::api_version': self.SERVICE_PATH,
|
'openstack::keystone::params::api_version': self.SERVICE_PATH,
|
||||||
'openstack::keystone::params::identity_uri':
|
'openstack::keystone::params::identity_uri':
|
||||||
|
|||||||
Reference in New Issue
Block a user