Generate openrc file in /etc/platform

Create the platform openrc file in /etc/platform, while
leaving existing /etc/nova/openrc file alone for now.
New platform/client.pp file is created and most of the
contents of openstack/client.pp moved there.
openstack/client.pp can be removed once kubernetes is the
default.

Change-Id: Ib6de59da6dfc9f34a24054405b6cda30d0b74ac1
Story: 2002876
Task: 27499
Signed-off-by: Kevin Smith <kevin.smith@windriver.com>

controllerconfig/controllerconfig/controllerconfig/openstack.py

@@ -31,10 +31,11 @@ class OpenStack(object):
         self.conf = {}
         self._sysinv = None
 
+        source_command = 'source /etc/platform/openrc && env'
+
         with open(os.devnull, "w") as fnull:
             proc = subprocess.Popen(
-                ['bash', '-c',
-                 'source /etc/nova/openrc && env'],
+                ['bash', '-c', source_command],
                 stdout=subprocess.PIPE, stderr=fnull)
 
         for line in proc.stdout:

controllerconfig/controllerconfig/controllerconfig/upgrades/controller.py

@@ -776,9 +776,9 @@ def migrate_hiera_data(from_release, to_release):
             static_config = yaml.load(yaml_file)
         static_config.update({
             'platform::params::software_version': SW_VERSION,
-            'openstack::client::credentials::params::keyring_directory':
+            'platform::client::credentials::params::keyring_directory':
                 KEYRING_PATH,
-            'openstack::client::credentials::params::keyring_file':
+            'platform::client::credentials::params::keyring_file':
                 os.path.join(KEYRING_PATH, '.CREDENTIAL'),
         })
         with open(static_file, 'w') as yaml_file:

controllerconfig/controllerconfig/controllerconfig/upgrades/utils.py

@@ -128,26 +128,26 @@ def get_upgrade_token(from_release,
         system_config['openstack::keystone::params::api_version'])
 
     admin_user_domain = system_config.get(
-        'openstack::client::params::admin_user_domain')
+        'platform::client::params::admin_user_domain')
     if admin_user_domain is None:
         # This value wasn't present in R2. So may be missing in upgrades from
         # that release
-        LOG.info("openstack::client::params::admin_user_domain key not found. "
+        LOG.info("platform::client::params::admin_user_domain key not found. "
                  "Using Default.")
         admin_user_domain = DEFAULT_DOMAIN_NAME
 
     admin_project_domain = system_config.get(
-        'openstack::client::params::admin_project_domain')
+        'platform::client::params::admin_project_domain')
     if admin_project_domain is None:
         # This value wasn't present in R2. So may be missing in upgrades from
         # that release
-        LOG.info("openstack::client::params::admin_project_domain key not "
+        LOG.info("platform::client::params::admin_project_domain key not "
                  "found. Using Default.")
         admin_project_domain = DEFAULT_DOMAIN_NAME
 
     admin_password = get_password_from_keyring("CGCS", "admin")
     admin_username = system_config.get(
-        'openstack::client::params::admin_username')
+        'platform::client::params::admin_username')
 
     # the upgrade token command
     keystone_upgrade_token = (

puppet-manifests/src/hieradata/controller.yaml

@@ -194,7 +194,7 @@ keystone::security_compliance::password_regex_description: 'Password must have a
 keystone::roles::admin::email: 'admin@localhost'
 keystone::roles::admin::admin_tenant: 'admin'
 
-openstack::client::params::identity_auth_url: 'http://localhost:5000/v3'
+platform::client::params::identity_auth_url: 'http://localhost:5000/v3'
 
 # glance
 glance::api::enabled: false

puppet-manifests/src/manifests/bootstrap.pp

@@ -15,6 +15,7 @@ include ::platform::postgresql::bootstrap
 include ::platform::amqp::bootstrap
 
 include ::openstack::keystone::bootstrap
+include ::platform::client::bootstrap
 include ::openstack::client::bootstrap
 
 include ::platform::sysinv::bootstrap

puppet-manifests/src/manifests/compute.pp

@@ -34,6 +34,7 @@ include ::platform::filesystem::compute
 include ::platform::docker
 include ::platform::kubernetes::worker
 include ::platform::multipath
+include ::platform::client
 
 include ::openstack::client
 include ::openstack::neutron

puppet-manifests/src/manifests/controller.pp

@@ -67,7 +67,7 @@ include ::platform::fm
 include ::platform::fm::api
 
 include ::platform::multipath
-
+include ::platform::client
 include ::openstack::client
 include ::openstack::keystone
 include ::openstack::keystone::api

puppet-manifests/src/manifests/upgrade.pp

@@ -16,6 +16,7 @@ include ::platform::postgresql::upgrade
 include ::platform::amqp::upgrade
 
 include ::openstack::keystone::upgrade
+include ::platform::client::upgrade
 include ::openstack::client::upgrade
 
 include ::openstack::murano::upgrade

puppet-manifests/src/modules/openstack/manifests/client.pp

@@ -1,19 +1,8 @@
-class openstack::client::params (
-  $admin_username,
-  $identity_auth_url,
-  $identity_region = 'RegionOne',
-  $identity_api_version = 3,
-  $admin_user_domain = 'Default',
-  $admin_project_domain = 'Default',
-  $admin_project_name = 'admin',
-  $keystone_identity_region = 'RegionOne',
-) { }
-
 class openstack::client
-  inherits ::openstack::client::params {
+  inherits ::platform::client::params {
 
-  include ::openstack::client::credentials::params
-  $keyring_file = $::openstack::client::credentials::params::keyring_file
+  include ::platform::client::credentials::params
+  $keyring_file = $::platform::client::credentials::params::keyring_file
 
   file {"/etc/nova/openrc":
     ensure  => "present",
@@ -36,41 +25,8 @@ class openstack::client
   }
 }
 
-
-class openstack::client::credentials::params (
-  $keyring_base,
-  $keyring_directory,
-  $keyring_file,
-) { }
-
-class openstack::client::credentials
-  inherits ::openstack::client::credentials::params {
-
-  Class['::platform::drbd::platform'] ->
-  file { "${keyring_base}":
-    ensure  => 'directory',
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0755',
-  } ->
-  file { "${keyring_directory}":
-    ensure  => 'directory',
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0755',
-  } ->
-  file { "${keyring_file}":
-    ensure  => 'file',
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0755',
-    content => "keyring get CGCS admin"
-  }
-}
-
 class openstack::client::bootstrap {
   include ::openstack::client
-  include ::openstack::client::credentials
 }
 
 class openstack::client::upgrade {

puppet-manifests/src/modules/openstack/manifests/keystone.pp

@@ -52,7 +52,7 @@ class openstack::keystone (
       $bind_host = $::platform::network::mgmt::params::controller_address_url
     }
 
-    Class[$name] -> Class['::openstack::client']
+    Class[$name] -> Class['::platform::client'] -> Class['::openstack::client']
 
     include ::keystone::client
     
@@ -215,7 +215,7 @@ class openstack::keystone::bootstrap(
 
     include ::keystone::db::postgresql
 
-    Class[$name] -> Class['::openstack::client']
+    Class[$name] -> Class['::platform::client'] -> Class['::openstack::client']
 
     # Create the parent directory for fernet keys repository
     file { "${keystone_key_repo_path}":
@@ -265,7 +265,7 @@ class openstack::keystone::reload {
 class openstack::keystone::endpointgroup
   inherits ::openstack::keystone::params {
   include ::platform::params
-  include ::openstack::client
+  include ::platform::client
 
   # $::platform::params::init_keystone should be checked by the caller.
   # as this class should be only invoked when initializing keystone.
@@ -274,12 +274,12 @@ class openstack::keystone::endpointgroup
   if ($::platform::params::distributed_cloud_role =='systemcontroller') {
     $reference_region = $::openstack::keystone::params::region_name
     $system_controller_region = $::openstack::keystone::params::system_controller_region
-    $os_username = $::openstack::client::params::admin_username
-    $identity_region = $::openstack::client::params::identity_region
-    $keystone_region = $::openstack::client::params::keystone_identity_region
-    $keyring_file = $::openstack::client::credentials::params::keyring_file
-    $auth_url = $::openstack::client::params::identity_auth_url
-    $os_project_name = $::openstack::client::params::admin_project_name
+    $os_username = $::platform::client::params::admin_username
+    $identity_region = $::platform::client::params::identity_region
+    $keystone_region = $::platform::client::params::keystone_identity_region
+    $keyring_file = $::platform::client::credentials::params::keyring_file
+    $auth_url = $::platform::client::params::identity_auth_url
+    $os_project_name = $::platform::client::params::admin_project_name
     $api_version = 3
 
     file { "/etc/keystone/keystone-${reference_region}-filter.conf":
@@ -317,6 +317,7 @@ class openstack::keystone::endpointgroup
 
 
 class openstack::keystone::server::runtime {
+  include ::platform::client
   include ::openstack::client
   include ::openstack::keystone
 

puppet-manifests/src/modules/platform/manifests/client.pp

@@ -0,0 +1,65 @@
+class platform::client::params (
+  $admin_username,
+  $identity_auth_url,
+  $identity_region = 'RegionOne',
+  $identity_api_version = 3,
+  $admin_user_domain = 'Default',
+  $admin_project_domain = 'Default',
+  $admin_project_name = 'admin',
+  $keystone_identity_region = 'RegionOne',
+) { }
+
+class platform::client
+  inherits ::platform::client::params {
+
+  include ::platform::client::credentials::params
+  $keyring_file = $::platform::client::credentials::params::keyring_file
+
+  file {"/etc/platform/openrc":
+    ensure  => "present",
+    mode    => '0640',
+    owner   => 'root',
+    group   => 'root',
+    content => template('platform/openrc.admin.erb'),
+  }
+}
+
+class platform::client::credentials::params (
+  $keyring_base,
+  $keyring_directory,
+  $keyring_file,
+) { }
+
+class platform::client::credentials
+  inherits ::platform::client::credentials::params {
+
+  Class['::platform::drbd::platform'] ->
+  file { "${keyring_base}":
+    ensure  => 'directory',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
+  } ->
+  file { "${keyring_directory}":
+    ensure  => 'directory',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
+  } ->
+  file { "${keyring_file}":
+    ensure  => 'file',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
+    content => "keyring get CGCS admin"
+  }
+}
+
+class platform::client::bootstrap {
+  include ::platform::client
+  include ::platform::client::credentials
+}
+
+class platform::client::upgrade {
+  include ::platform::client
+}

puppet-manifests/src/modules/platform/manifests/mtce.pp

@@ -28,8 +28,8 @@ class platform::mtce
   include ::openstack::ceilometer::params
   $ceilometer_port = $::openstack::ceilometer::params::api_port
 
-  include ::openstack::client::credentials::params
-  $keyring_directory = $::openstack::client::credentials::params::keyring_directory
+  include ::platform::client::credentials::params
+  $keyring_directory = $::platform::client::credentials::params::keyring_directory
 
   file { "/etc/mtc.ini":
     ensure  => present,

puppet-manifests/src/modules/platform/manifests/sm.pp

@@ -158,14 +158,14 @@ class platform::sm
 
   $ost_cl_ctrl_host         = $::platform::network::mgmt::params::controller_address_url
 
-  include ::openstack::client::params
+  include ::platform::client::params
 
-  $os_username              = $::openstack::client::params::admin_username
+  $os_username              = $::platform::client::params::admin_username
   $os_project_name          = 'admin'
   $os_auth_url              = $os_keystone_auth_url
   $system_url               = "http://${ost_cl_ctrl_host}:6385"
-  $os_user_domain_name      = $::openstack::client::params::admin_user_domain
-  $os_project_domain_name   = $::openstack::client::params::admin_project_domain
+  $os_user_domain_name      = $::platform::client::params::admin_user_domain
+  $os_project_domain_name   = $::platform::client::params::admin_project_domain
 
   # Nova
   $db_server_port           = '5432'

puppet-manifests/src/modules/platform/templates/openrc.admin.erb

@@ -0,0 +1,24 @@
+unset OS_SERVICE_TOKEN
+
+export OS_ENDPOINT_TYPE=internalURL
+export CINDER_ENDPOINT_TYPE=internalURL
+
+export OS_USERNAME=<%= @admin_username %>
+export OS_PASSWORD=`TERM=linux <%= @keyring_file %> 2>/dev/null`
+export OS_AUTH_TYPE=password
+export OS_AUTH_URL=<%= @identity_auth_url %>
+
+export OS_PROJECT_NAME=<%= @admin_project_name %>
+export OS_USER_DOMAIN_NAME=<%= @admin_user_domain %>
+export OS_PROJECT_DOMAIN_NAME=<%= @admin_project_domain %>
+export OS_IDENTITY_API_VERSION=<%= @identity_api_version %>
+export OS_REGION_NAME=<%= @identity_region %>
+export OS_KEYSTONE_REGION_NAME=<%= @keystone_identity_region %>
+export OS_INTERFACE=internal
+
+if [ ! -z "${OS_PASSWORD}" ]; then
+    export PS1='[\u@\h \W(keystone_$OS_USERNAME)]\$ '
+else
+    echo 'Openstack Admin credentials can only be loaded from the active controller.'
+    export PS1='\h:\w\$ '
+fi

sysinv/sysinv/sysinv/sysinv/puppet/keystone.py

@@ -46,13 +46,13 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
         return {
             'keystone::db::postgresql::user': dbuser,
 
-            'openstack::client::params::admin_username': admin_username,
+            'platform::client::params::admin_username': admin_username,
 
-            'openstack::client::credentials::params::keyring_base':
+            'platform::client::credentials::params::keyring_base':
                 os.path.dirname(tsconfig.KEYRING_PATH),
-            'openstack::client::credentials::params::keyring_directory':
+            'platform::client::credentials::params::keyring_directory':
                 tsconfig.KEYRING_PATH,
-            'openstack::client::credentials::params::keyring_file':
+            'platform::client::credentials::params::keyring_file':
                 os.path.join(tsconfig.KEYRING_PATH, '.CREDENTIAL'),
         }
 
@@ -93,17 +93,17 @@ class KeystonePuppet(openstack.OpenstackBasePuppet):
 
             'keystone::roles::admin::admin': admin_username,
 
-            'openstack::client::params::admin_username': admin_username,
-            'openstack::client::params::admin_project_name': admin_project,
-            'openstack::client::params::admin_user_domain':
+            'platform::client::params::admin_username': admin_username,
+            'platform::client::params::admin_project_name': admin_project,
+            'platform::client::params::admin_user_domain':
                 self.get_admin_user_domain(),
-            'openstack::client::params::admin_project_domain':
+            'platform::client::params::admin_project_domain':
                 self.get_admin_project_domain(),
-            'openstack::client::params::identity_region': self._region_name(),
-            'openstack::client::params::identity_auth_url': self.get_auth_url(),
-            'openstack::client::params::keystone_identity_region':
+            'platform::client::params::identity_region': self._region_name(),
+            'platform::client::params::identity_auth_url': self.get_auth_url(),
+            'platform::client::params::keystone_identity_region':
                 self._identity_specific_region_name(),
-            'openstack::client::params::auth_region':
+            'platform::client::params::auth_region':
                 self._identity_specific_region_name(),
             'openstack::keystone::params::api_version': self.SERVICE_PATH,
             'openstack::keystone::params::identity_uri':