Merge "Barbican configuration thru Puppet and SysInv."
This commit is contained in:
commit
346762619e
@ -1,3 +1,3 @@
|
|||||||
SRC_DIR="configutilities"
|
SRC_DIR="configutilities"
|
||||||
COPY_LIST="$SRC_DIR/LICENSE"
|
COPY_LIST="$SRC_DIR/LICENSE"
|
||||||
TIS_PATCH_VER=35
|
TIS_PATCH_VER=36
|
||||||
|
@ -45,6 +45,8 @@ EXPECTED_SERVICE_NAME_AND_TYPE = (
|
|||||||
"GNOCCHI_SERVICE_TYPE": "metric",
|
"GNOCCHI_SERVICE_TYPE": "metric",
|
||||||
"FM_SERVICE_NAME": "fm",
|
"FM_SERVICE_NAME": "fm",
|
||||||
"FM_SERVICE_TYPE": "faultmanagement",
|
"FM_SERVICE_TYPE": "faultmanagement",
|
||||||
|
"BARBICAN_SERVICE_NAME": "barbican",
|
||||||
|
"BARBICAN_SERVICE_TYPE": "key-manager",
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
||||||
|
@ -1048,6 +1048,14 @@ class ConfigValidator(object):
|
|||||||
fm_password = get_optional(self.conf, 'REGION_2_SERVICES',
|
fm_password = get_optional(self.conf, 'REGION_2_SERVICES',
|
||||||
'FM_PASSWORD')
|
'FM_PASSWORD')
|
||||||
|
|
||||||
|
# validate barbican service name and type
|
||||||
|
get_service(self.conf, 'REGION_2_SERVICES', 'BARBICAN_SERVICE_NAME')
|
||||||
|
get_service(self.conf, 'REGION_2_SERVICES', 'BARBICAN_SERVICE_TYPE')
|
||||||
|
barbican_user_name = self.conf.get('REGION_2_SERVICES',
|
||||||
|
'BARBICAN_USER_NAME')
|
||||||
|
barbican_password = get_optional(self.conf, 'REGION_2_SERVICES',
|
||||||
|
'BARBICAN_PASSWORD')
|
||||||
|
|
||||||
if self.conf.has_option('REGION_2_SERVICES', 'USER_DOMAIN_NAME'):
|
if self.conf.has_option('REGION_2_SERVICES', 'USER_DOMAIN_NAME'):
|
||||||
user_domain = self.conf.get('REGION_2_SERVICES',
|
user_domain = self.conf.get('REGION_2_SERVICES',
|
||||||
'USER_DOMAIN_NAME')
|
'USER_DOMAIN_NAME')
|
||||||
@ -1158,6 +1166,10 @@ class ConfigValidator(object):
|
|||||||
self.cgcs_conf.set('cREGION', 'GNOCCHI_PASSWORD', gnocchi_password)
|
self.cgcs_conf.set('cREGION', 'GNOCCHI_PASSWORD', gnocchi_password)
|
||||||
self.cgcs_conf.set('cREGION', 'FM_USER_NAME', fm_user_name)
|
self.cgcs_conf.set('cREGION', 'FM_USER_NAME', fm_user_name)
|
||||||
self.cgcs_conf.set('cREGION', 'FM_PASSWORD', fm_password)
|
self.cgcs_conf.set('cREGION', 'FM_PASSWORD', fm_password)
|
||||||
|
self.cgcs_conf.set('cREGION', 'BARBICAN_USER_NAME',
|
||||||
|
barbican_user_name)
|
||||||
|
self.cgcs_conf.set('cREGION', 'BARBICAN_PASSWORD',
|
||||||
|
barbican_password)
|
||||||
|
|
||||||
self.cgcs_conf.set('cREGION', 'USER_DOMAIN_NAME',
|
self.cgcs_conf.set('cREGION', 'USER_DOMAIN_NAME',
|
||||||
user_domain)
|
user_domain)
|
||||||
|
@ -731,6 +731,7 @@ class REG2SERVICESPage2(ConfigPage):
|
|||||||
self.fields['GNOCCHI_PASSWORD'] = Field(
|
self.fields['GNOCCHI_PASSWORD'] = Field(
|
||||||
text="GNOCCHI user password",
|
text="GNOCCHI user password",
|
||||||
type=TYPES.string, initial="")
|
type=TYPES.string, initial="")
|
||||||
|
|
||||||
self.fields['FM_USER_NAME'] = Field(
|
self.fields['FM_USER_NAME'] = Field(
|
||||||
text="FM username",
|
text="FM username",
|
||||||
type=TYPES.string, initial="fm")
|
type=TYPES.string, initial="fm")
|
||||||
@ -738,6 +739,13 @@ class REG2SERVICESPage2(ConfigPage):
|
|||||||
text="FM user password",
|
text="FM user password",
|
||||||
type=TYPES.string, initial="")
|
type=TYPES.string, initial="")
|
||||||
|
|
||||||
|
self.fields['BARBICAN_USER_NAME'] = Field(
|
||||||
|
text="Barbican username",
|
||||||
|
type=TYPES.string, initial="barbican")
|
||||||
|
self.fields['BARBICAN_PASSWORD'] = Field(
|
||||||
|
text="Barbican user password",
|
||||||
|
type=TYPES.string, initial="")
|
||||||
|
|
||||||
def validate_page(self):
|
def validate_page(self):
|
||||||
self.prev.validate_page()
|
self.prev.validate_page()
|
||||||
super(REG2SERVICESPage2, self).validate_page()
|
super(REG2SERVICESPage2, self).validate_page()
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
SRC_DIR="controllerconfig"
|
SRC_DIR="controllerconfig"
|
||||||
TIS_PATCH_VER=148
|
TIS_PATCH_VER=149
|
||||||
|
@ -70,7 +70,7 @@ def get_backup_databases(cinder_config=False):
|
|||||||
REGION_LOCAL_DATABASES = ('postgres', 'template1', 'nova', 'sysinv',
|
REGION_LOCAL_DATABASES = ('postgres', 'template1', 'nova', 'sysinv',
|
||||||
'neutron', 'heat', 'nova_api',
|
'neutron', 'heat', 'nova_api',
|
||||||
'aodh', 'murano', 'magnum', 'panko', 'ironic',
|
'aodh', 'murano', 'magnum', 'panko', 'ironic',
|
||||||
'nova_cell0', 'gnocchi', 'fm')
|
'nova_cell0', 'gnocchi', 'fm', 'barbican')
|
||||||
REGION_SHARED_DATABASES = ('glance', 'keystone')
|
REGION_SHARED_DATABASES = ('glance', 'keystone')
|
||||||
|
|
||||||
if cinder_config:
|
if cinder_config:
|
||||||
|
@ -509,6 +509,8 @@ class ConfigAssistant():
|
|||||||
self.nfv_ks_password = ""
|
self.nfv_ks_password = ""
|
||||||
self.fm_ks_user_name = ""
|
self.fm_ks_user_name = ""
|
||||||
self.fm_ks_password = ""
|
self.fm_ks_password = ""
|
||||||
|
self.barbican_ks_user_name = ""
|
||||||
|
self.barbican_ks_password = ""
|
||||||
|
|
||||||
self.ldap_region_name = ""
|
self.ldap_region_name = ""
|
||||||
self.ldap_service_name = ""
|
self.ldap_service_name = ""
|
||||||
@ -2894,6 +2896,13 @@ class ConfigAssistant():
|
|||||||
self.add_password_for_validation('FM_PASSWORD',
|
self.add_password_for_validation('FM_PASSWORD',
|
||||||
self.fm_ks_password)
|
self.fm_ks_password)
|
||||||
|
|
||||||
|
self.barbican_ks_user_name = config.get(
|
||||||
|
'cREGION', 'BARBICAN_USER_NAME')
|
||||||
|
self.barbican_ks_password = config.get(
|
||||||
|
'cREGION', 'BARBICAN_PASSWORD')
|
||||||
|
self.add_password_for_validation('BARBICAN_PASSWORD',
|
||||||
|
self.barbican_ks_password)
|
||||||
|
|
||||||
self.shared_services.append(self.keystone_service_type)
|
self.shared_services.append(self.keystone_service_type)
|
||||||
if self.glance_region_name == self.region_1_name:
|
if self.glance_region_name == self.region_1_name:
|
||||||
self.shared_services.append(self.glance_service_type)
|
self.shared_services.append(self.glance_service_type)
|
||||||
@ -3469,6 +3478,10 @@ class ConfigAssistant():
|
|||||||
self.fm_ks_user_name)
|
self.fm_ks_user_name)
|
||||||
f.write("FM_PASSWORD=%s\n" %
|
f.write("FM_PASSWORD=%s\n" %
|
||||||
self.fm_ks_password)
|
self.fm_ks_password)
|
||||||
|
f.write("BARBICAN_USER_NAME=%s\n" %
|
||||||
|
self.barbican_ks_user_name)
|
||||||
|
f.write("BARBICAN_PASSWORD=%s\n" %
|
||||||
|
self.barbican_ks_password)
|
||||||
|
|
||||||
# Subcloud configuration
|
# Subcloud configuration
|
||||||
if self.subcloud_config():
|
if self.subcloud_config():
|
||||||
@ -3974,6 +3987,14 @@ class ConfigAssistant():
|
|||||||
'capabilities': capabilities}
|
'capabilities': capabilities}
|
||||||
client.sysinv.sm_service.service_create(**values)
|
client.sysinv.sm_service.service_create(**values)
|
||||||
|
|
||||||
|
# barbican service config
|
||||||
|
capabilities = {'user_name': self.barbican_ks_user_name}
|
||||||
|
values = {'name': "barbican",
|
||||||
|
'enabled': True,
|
||||||
|
'region_name': self.region_2_name,
|
||||||
|
'capabilities': capabilities}
|
||||||
|
client.sysinv.sm_service.service_create(**values)
|
||||||
|
|
||||||
def _store_service_password(self):
|
def _store_service_password(self):
|
||||||
# store service password in the temporary keyring vault
|
# store service password in the temporary keyring vault
|
||||||
|
|
||||||
@ -4035,6 +4056,10 @@ class ConfigAssistant():
|
|||||||
keyring.set_password('fm', constants.DEFAULT_SERVICE_PROJECT_NAME,
|
keyring.set_password('fm', constants.DEFAULT_SERVICE_PROJECT_NAME,
|
||||||
self.fm_ks_password)
|
self.fm_ks_password)
|
||||||
|
|
||||||
|
keyring.set_password('barbican',
|
||||||
|
constants.DEFAULT_SERVICE_PROJECT_NAME,
|
||||||
|
self.barbican_ks_password)
|
||||||
|
|
||||||
del os.environ["XDG_DATA_HOME"]
|
del os.environ["XDG_DATA_HOME"]
|
||||||
|
|
||||||
def _populate_network_config(self, client):
|
def _populate_network_config(self, client):
|
||||||
|
@ -56,7 +56,8 @@ EXPECTED_USERS = [
|
|||||||
('REGION_2_SERVICES', 'MTCE', 'mtce'),
|
('REGION_2_SERVICES', 'MTCE', 'mtce'),
|
||||||
('REGION_2_SERVICES', 'PANKO', 'panko'),
|
('REGION_2_SERVICES', 'PANKO', 'panko'),
|
||||||
('REGION_2_SERVICES', 'GNOCCHI', 'gnocchi'),
|
('REGION_2_SERVICES', 'GNOCCHI', 'gnocchi'),
|
||||||
('REGION_2_SERVICES', 'FM', 'fm')]
|
('REGION_2_SERVICES', 'FM', 'fm'),
|
||||||
|
('REGION_2_SERVICES', 'BARBICAN', 'barbican')]
|
||||||
|
|
||||||
EXPECTED_SHARED_SERVICES_NEUTRON_USER = ('SHARED_SERVICES', 'NEUTRON',
|
EXPECTED_SHARED_SERVICES_NEUTRON_USER = ('SHARED_SERVICES', 'NEUTRON',
|
||||||
'neutron')
|
'neutron')
|
||||||
@ -135,6 +136,11 @@ EXPECTED_REGION2_ENDPOINTS = [
|
|||||||
'http://{}:18002',
|
'http://{}:18002',
|
||||||
'http://{}:18002',
|
'http://{}:18002',
|
||||||
'Fault Management Service'),
|
'Fault Management Service'),
|
||||||
|
('BARBICAN_SERVICE_NAME', 'BARBICAN_SERVICE_TYPE',
|
||||||
|
'http://{}:9311',
|
||||||
|
'http://{}:9311',
|
||||||
|
'http://{}:9311',
|
||||||
|
'OpenStack Key Manager Service'),
|
||||||
]
|
]
|
||||||
|
|
||||||
EXPECTED_NEUTRON_ENDPOINT = (
|
EXPECTED_NEUTRON_ENDPOINT = (
|
||||||
|
@ -125,6 +125,8 @@ GNOCCHI_USER_NAME=gnocchiTWO
|
|||||||
GNOCCHI_PASSWORD=password2WO*
|
GNOCCHI_PASSWORD=password2WO*
|
||||||
FM_USER_NAME=fmTWO
|
FM_USER_NAME=fmTWO
|
||||||
FM_PASSWORD=password2WO*
|
FM_PASSWORD=password2WO*
|
||||||
|
BARBICAN_USER_NAME=barbican
|
||||||
|
BARBICAN_PASSWORD=barbican2WO*
|
||||||
|
|
||||||
[VERSION]
|
[VERSION]
|
||||||
RELEASE = TEST.SW.VERSION
|
RELEASE = TEST.SW.VERSION
|
||||||
|
@ -112,6 +112,8 @@ GNOCCHI_USER_NAME = gnocchiTWO
|
|||||||
GNOCCHI_PASSWORD = password2WO*
|
GNOCCHI_PASSWORD = password2WO*
|
||||||
FM_USER_NAME = fmTWO
|
FM_USER_NAME = fmTWO
|
||||||
FM_PASSWORD = password2WO*
|
FM_PASSWORD = password2WO*
|
||||||
|
BARBICAN_USER_NAME = barbican
|
||||||
|
BARBICAN_PASSWORD = barbican2WO*
|
||||||
USER_DOMAIN_NAME = service_domain
|
USER_DOMAIN_NAME = service_domain
|
||||||
PROJECT_DOMAIN_NAME = service_domain
|
PROJECT_DOMAIN_NAME = service_domain
|
||||||
KEYSTONE_AUTH_URI = http://192.168.204.12:8081/keystone/main/v2.0
|
KEYSTONE_AUTH_URI = http://192.168.204.12:8081/keystone/main/v2.0
|
||||||
|
@ -119,6 +119,8 @@ GNOCCHI_USER_NAME=gnocchiTWO
|
|||||||
GNOCCHI_PASSWORD=password2WO*
|
GNOCCHI_PASSWORD=password2WO*
|
||||||
FM_USER_NAME=fmTWO
|
FM_USER_NAME=fmTWO
|
||||||
FM_PASSWORD=password2WO*
|
FM_PASSWORD=password2WO*
|
||||||
|
BARBICAN_USER_NAME=barbican
|
||||||
|
BARBICAN_PASSWORD=barbican2WO*
|
||||||
|
|
||||||
[VERSION]
|
[VERSION]
|
||||||
RELEASE = TEST.SW.VERSION
|
RELEASE = TEST.SW.VERSION
|
||||||
|
@ -110,6 +110,8 @@ GNOCCHI_USER_NAME = gnocchiTWO
|
|||||||
GNOCCHI_PASSWORD = password2WO*
|
GNOCCHI_PASSWORD = password2WO*
|
||||||
FM_USER_NAME = fmTWO
|
FM_USER_NAME = fmTWO
|
||||||
FM_PASSWORD = password2WO*
|
FM_PASSWORD = password2WO*
|
||||||
|
BARBICAN_USER_NAME = barbican
|
||||||
|
BARBICAN_PASSWORD = barbican2WO*
|
||||||
USER_DOMAIN_NAME = Default
|
USER_DOMAIN_NAME = Default
|
||||||
PROJECT_DOMAIN_NAME = Default
|
PROJECT_DOMAIN_NAME = Default
|
||||||
KEYSTONE_AUTH_URI = http://192.168.204.12:8081/keystone/main/v2.0
|
KEYSTONE_AUTH_URI = http://192.168.204.12:8081/keystone/main/v2.0
|
||||||
|
@ -133,6 +133,8 @@ MTCE_USER_NAME=mtce
|
|||||||
MTCE_PASSWORD=password2WO*
|
MTCE_PASSWORD=password2WO*
|
||||||
FM_USER_NAME=fm
|
FM_USER_NAME=fm
|
||||||
FM_PASSWORD=password2WO*
|
FM_PASSWORD=password2WO*
|
||||||
|
BARBICAN_USER_NAME=barbican
|
||||||
|
BARBICAN_PASSWORD=barbican2WO*
|
||||||
|
|
||||||
[cAUTHENTICATION]
|
[cAUTHENTICATION]
|
||||||
ADMIN_PASSWORD=Li69nux*
|
ADMIN_PASSWORD=Li69nux*
|
||||||
|
@ -133,6 +133,8 @@ MTCE_USER_NAME=mtce
|
|||||||
MTCE_PASSWORD=password2WO*
|
MTCE_PASSWORD=password2WO*
|
||||||
FM_USER_NAME=fm
|
FM_USER_NAME=fm
|
||||||
FM_PASSWORD=password2WO*
|
FM_PASSWORD=password2WO*
|
||||||
|
BARBICAN_USER_NAME=barbican
|
||||||
|
BARBICAN_PASSWORD=barbican2WO*
|
||||||
|
|
||||||
[cAUTHENTICATION]
|
[cAUTHENTICATION]
|
||||||
ADMIN_PASSWORD=Li69nux*
|
ADMIN_PASSWORD=Li69nux*
|
||||||
|
@ -115,6 +115,8 @@ GNOCCHI_USER_NAME=gnocchi
|
|||||||
GNOCCHI_PASSWORD=password2WO*
|
GNOCCHI_PASSWORD=password2WO*
|
||||||
FM_USER_NAME=fm
|
FM_USER_NAME=fm
|
||||||
FM_PASSWORD=password2WO*
|
FM_PASSWORD=password2WO*
|
||||||
|
BARBICAN_USER_NAME=barbican
|
||||||
|
BARBICAN_PASSWORD=barbican2WO*
|
||||||
|
|
||||||
[VERSION]
|
[VERSION]
|
||||||
RELEASE = TEST.SW.VERSION
|
RELEASE = TEST.SW.VERSION
|
||||||
|
@ -115,6 +115,8 @@ GNOCCHI_USER_NAME = gnocchi
|
|||||||
GNOCCHI_PASSWORD = password2WO*
|
GNOCCHI_PASSWORD = password2WO*
|
||||||
FM_USER_NAME = fm
|
FM_USER_NAME = fm
|
||||||
FM_PASSWORD = password2WO*
|
FM_PASSWORD = password2WO*
|
||||||
|
BARBICAN_USER_NAME = barbican
|
||||||
|
BARBICAN_PASSWORD = barbican2WO*
|
||||||
USER_DOMAIN_NAME = Default
|
USER_DOMAIN_NAME = Default
|
||||||
PROJECT_DOMAIN_NAME = Default
|
PROJECT_DOMAIN_NAME = Default
|
||||||
KEYSTONE_AUTH_URI = http://192.168.204.12:8081/keystone/main/v2.0
|
KEYSTONE_AUTH_URI = http://192.168.204.12:8081/keystone/main/v2.0
|
||||||
|
@ -125,6 +125,8 @@ GNOCCHI_USER_NAME=gnocchi
|
|||||||
GNOCCHI_PASSWORD=password2WO*
|
GNOCCHI_PASSWORD=password2WO*
|
||||||
FM_USER_NAME=fm
|
FM_USER_NAME=fm
|
||||||
FM_PASSWORD=password2WO*
|
FM_PASSWORD=password2WO*
|
||||||
|
BARBICAN_USER_NAME=barbican
|
||||||
|
BARBICAN_PASSWORD=barbican2WO*
|
||||||
|
|
||||||
[VERSION]
|
[VERSION]
|
||||||
RELEASE = TEST.SW.VERSION
|
RELEASE = TEST.SW.VERSION
|
||||||
|
@ -105,6 +105,8 @@ GNOCCHI_USER_NAME = gnocchi
|
|||||||
GNOCCHI_PASSWORD = password2WO*
|
GNOCCHI_PASSWORD = password2WO*
|
||||||
FM_USER_NAME = fm
|
FM_USER_NAME = fm
|
||||||
FM_PASSWORD = password2WO*
|
FM_PASSWORD = password2WO*
|
||||||
|
BARBICAN_USER_NAME = barbican
|
||||||
|
BARBICAN_PASSWORD = barbican2WO*
|
||||||
USER_DOMAIN_NAME = Default
|
USER_DOMAIN_NAME = Default
|
||||||
PROJECT_DOMAIN_NAME = Default
|
PROJECT_DOMAIN_NAME = Default
|
||||||
KEYSTONE_AUTH_URI = http://192.168.204.12:8081/keystone/main/v2.0
|
KEYSTONE_AUTH_URI = http://192.168.204.12:8081/keystone/main/v2.0
|
||||||
|
@ -121,6 +121,8 @@ GNOCCHI_USER_NAME=gnocchi
|
|||||||
GNOCCHI_PASSWORD=password2WO*
|
GNOCCHI_PASSWORD=password2WO*
|
||||||
FM_USER_NAME=fm
|
FM_USER_NAME=fm
|
||||||
FM_PASSWORD=password2WO*
|
FM_PASSWORD=password2WO*
|
||||||
|
BARBICAN_USER_NAME=barbican
|
||||||
|
BARBICAN_PASSWORD=barbican2WO*
|
||||||
|
|
||||||
[VERSION]
|
[VERSION]
|
||||||
RELEASE = TEST.SW.VERSION
|
RELEASE = TEST.SW.VERSION
|
||||||
|
@ -93,6 +93,8 @@ GNOCCHI_USER_NAME = gnocchi
|
|||||||
GNOCCHI_PASSWORD = password2WO*
|
GNOCCHI_PASSWORD = password2WO*
|
||||||
FM_USER_NAME = fm
|
FM_USER_NAME = fm
|
||||||
FM_PASSWORD = password2WO*
|
FM_PASSWORD = password2WO*
|
||||||
|
BARBICAN_USER_NAME = barbican
|
||||||
|
BARBICAN_PASSWORD = barbican2WO*
|
||||||
USER_DOMAIN_NAME = Default
|
USER_DOMAIN_NAME = Default
|
||||||
PROJECT_DOMAIN_NAME = Default
|
PROJECT_DOMAIN_NAME = Default
|
||||||
KEYSTONE_AUTH_URI = http://192.168.204.12:8081/keystone/main/v2.0
|
KEYSTONE_AUTH_URI = http://192.168.204.12:8081/keystone/main/v2.0
|
||||||
|
@ -121,6 +121,8 @@ GNOCCHI_USER_NAME=gnocchi
|
|||||||
GNOCCHI_PASSWORD=password2WO*
|
GNOCCHI_PASSWORD=password2WO*
|
||||||
FM_USER_NAME=fm
|
FM_USER_NAME=fm
|
||||||
FM_PASSWORD=password2WO*
|
FM_PASSWORD=password2WO*
|
||||||
|
BARBICAN_USER_NAME=barbican
|
||||||
|
BARBICAN_PASSWORD=barbican2WO*
|
||||||
|
|
||||||
[VERSION]
|
[VERSION]
|
||||||
RELEASE = TEST.SW.VERSION
|
RELEASE = TEST.SW.VERSION
|
||||||
|
@ -122,6 +122,8 @@ GNOCCHI_USER_NAME=gnocchi
|
|||||||
GNOCCHI_PASSWORD=password2WO*
|
GNOCCHI_PASSWORD=password2WO*
|
||||||
FM_USER_NAME=fm
|
FM_USER_NAME=fm
|
||||||
FM_PASSWORD=password2WO*
|
FM_PASSWORD=password2WO*
|
||||||
|
BARBICAN_USER_NAME=barbican
|
||||||
|
BARBICAN_PASSWORD=barbican2WO*
|
||||||
|
|
||||||
[VERSION]
|
[VERSION]
|
||||||
RELEASE = TEST.SW.VERSION
|
RELEASE = TEST.SW.VERSION
|
||||||
|
@ -93,6 +93,8 @@ GNOCCHI_USER_NAME = gnocchi
|
|||||||
GNOCCHI_PASSWORD = password2WO*
|
GNOCCHI_PASSWORD = password2WO*
|
||||||
FM_USER_NAME = fm
|
FM_USER_NAME = fm
|
||||||
FM_PASSWORD = password2WO*
|
FM_PASSWORD = password2WO*
|
||||||
|
BARBICAN_USER_NAME = barbican
|
||||||
|
BARBICAN_PASSWORD = barbican2WO*
|
||||||
USER_DOMAIN_NAME = Default
|
USER_DOMAIN_NAME = Default
|
||||||
PROJECT_DOMAIN_NAME = Default
|
PROJECT_DOMAIN_NAME = Default
|
||||||
KEYSTONE_AUTH_URI = http://192.168.204.12:8081/keystone/main/v2.0
|
KEYSTONE_AUTH_URI = http://192.168.204.12:8081/keystone/main/v2.0
|
||||||
|
@ -72,6 +72,9 @@ def get_db_credentials(shared_services, from_release):
|
|||||||
{'aodh': {'hiera_user_key': 'aodh::db::postgresql::user',
|
{'aodh': {'hiera_user_key': 'aodh::db::postgresql::user',
|
||||||
'keyring_password_key': 'aodh',
|
'keyring_password_key': 'aodh',
|
||||||
},
|
},
|
||||||
|
'barbican': {'hiera_user_key': 'barbican::db::postgresql::user',
|
||||||
|
'keyring_password_key': 'barbican',
|
||||||
|
},
|
||||||
'ceilometer': {'hiera_user_key': 'ceilometer::db::postgresql::user',
|
'ceilometer': {'hiera_user_key': 'ceilometer::db::postgresql::user',
|
||||||
'keyring_password_key': 'ceilometer',
|
'keyring_password_key': 'ceilometer',
|
||||||
},
|
},
|
||||||
@ -583,10 +586,18 @@ def migrate_databases(from_release, shared_services, db_credentials,
|
|||||||
f.write("[database]\n")
|
f.write("[database]\n")
|
||||||
f.write(get_connection_string(db_credentials, 'keystone'))
|
f.write(get_connection_string(db_credentials, 'keystone'))
|
||||||
|
|
||||||
|
with open("/etc/barbican/barbican-dbsync.conf", "w") as f:
|
||||||
|
f.write("[database]\n")
|
||||||
|
f.write(get_connection_string(db_credentials, 'barbican'))
|
||||||
|
|
||||||
migrate_commands = [
|
migrate_commands = [
|
||||||
# Migrate aodh (new in R3)
|
# Migrate aodh (new in R3)
|
||||||
('aodh',
|
('aodh',
|
||||||
'aodh-dbsync --config-file /etc/aodh/aodh-dbsync.conf'),
|
'aodh-dbsync --config-file /etc/aodh/aodh-dbsync.conf'),
|
||||||
|
# Migrate barbican
|
||||||
|
('barbican',
|
||||||
|
'barbican-manage --config-file /etc/barbican/barbican-dbsync.conf ' +
|
||||||
|
'db upgrade'),
|
||||||
# Migrate ceilometer
|
# Migrate ceilometer
|
||||||
('ceilometer',
|
('ceilometer',
|
||||||
'ceilometer-upgrade --skip-gnocchi-resource-types --config-file ' +
|
'ceilometer-upgrade --skip-gnocchi-resource-types --config-file ' +
|
||||||
|
@ -28,7 +28,7 @@ def get_upgrade_databases(shared_services):
|
|||||||
|
|
||||||
UPGRADE_DATABASES = ('postgres', 'template1', 'nova', 'sysinv', 'murano',
|
UPGRADE_DATABASES = ('postgres', 'template1', 'nova', 'sysinv', 'murano',
|
||||||
'ceilometer', 'neutron', 'heat', 'nova_api', 'aodh',
|
'ceilometer', 'neutron', 'heat', 'nova_api', 'aodh',
|
||||||
'magnum', 'panko', 'ironic')
|
'magnum', 'panko', 'ironic', 'barbican')
|
||||||
|
|
||||||
UPGRADE_DATABASE_SKIP_TABLES = {'postgres': (), 'template1': (),
|
UPGRADE_DATABASE_SKIP_TABLES = {'postgres': (), 'template1': (),
|
||||||
'heat': (), 'nova': (), 'nova_api': (),
|
'heat': (), 'nova': (), 'nova_api': (),
|
||||||
@ -39,6 +39,7 @@ def get_upgrade_databases(shared_services):
|
|||||||
'magnum': (),
|
'magnum': (),
|
||||||
'panko': (),
|
'panko': (),
|
||||||
'ironic': (),
|
'ironic': (),
|
||||||
|
'barbican': (),
|
||||||
'ceilometer': ('metadata_bool',
|
'ceilometer': ('metadata_bool',
|
||||||
'metadata_float',
|
'metadata_float',
|
||||||
'metadata_int',
|
'metadata_int',
|
||||||
|
@ -25,6 +25,7 @@ Requires: puppet-fm
|
|||||||
|
|
||||||
# Openstack puppet modules
|
# Openstack puppet modules
|
||||||
Requires: puppet-aodh
|
Requires: puppet-aodh
|
||||||
|
Requires: puppet-barbican
|
||||||
Requires: puppet-ceilometer
|
Requires: puppet-ceilometer
|
||||||
Requires: puppet-ceph
|
Requires: puppet-ceph
|
||||||
Requires: puppet-cinder
|
Requires: puppet-cinder
|
||||||
|
@ -544,3 +544,22 @@ fm::db::sync::user: 'root'
|
|||||||
fm::database_idle_timeout: 60
|
fm::database_idle_timeout: 60
|
||||||
fm::database_max_overflow: 20
|
fm::database_max_overflow: 20
|
||||||
fm::database_max_pool_size: 1
|
fm::database_max_pool_size: 1
|
||||||
|
|
||||||
|
# Barbican
|
||||||
|
barbican::use_syslog: true
|
||||||
|
barbican::log_facility: 'local2'
|
||||||
|
barbican::database_idle_timeout: 60
|
||||||
|
barbican::database_max_pool_size: 1
|
||||||
|
barbican::database_max_overflow: 10
|
||||||
|
barbican::alarm_history_time_to_live: 86400
|
||||||
|
|
||||||
|
barbican::auth::auth_endpoint_type: 'internalURL'
|
||||||
|
|
||||||
|
barbican::db::sync::user: 'root'
|
||||||
|
|
||||||
|
barbican::api::enabled: false
|
||||||
|
barbican::api::service_name: 'barbican-api'
|
||||||
|
barbican::api::enable_proxy_headers_parsing: true
|
||||||
|
|
||||||
|
barbican::keystone-listener::enabled: false
|
||||||
|
barbican::worker::enabled: false
|
||||||
|
@ -132,6 +132,9 @@ include ::platform::smapi
|
|||||||
include ::openstack::swift
|
include ::openstack::swift
|
||||||
include ::openstack::swift::api
|
include ::openstack::swift::api
|
||||||
|
|
||||||
|
include ::openstack::barbican
|
||||||
|
include ::openstack::barbican::api
|
||||||
|
|
||||||
include ::platform::sm
|
include ::platform::sm
|
||||||
|
|
||||||
class { '::platform::config::controller::post':
|
class { '::platform::config::controller::post':
|
||||||
|
123
puppet-manifests/src/modules/openstack/manifests/barbican.pp
Normal file
123
puppet-manifests/src/modules/openstack/manifests/barbican.pp
Normal file
@ -0,0 +1,123 @@
|
|||||||
|
class openstack::barbican::params (
|
||||||
|
$api_port = 9311,
|
||||||
|
$region_name = undef,
|
||||||
|
$service_name = 'barbican-api',
|
||||||
|
$service_create = false,
|
||||||
|
$service_enabled = true,
|
||||||
|
) { }
|
||||||
|
|
||||||
|
|
||||||
|
class openstack::barbican
|
||||||
|
inherits ::openstack::barbican::params {
|
||||||
|
|
||||||
|
if $service_enabled {
|
||||||
|
|
||||||
|
include ::platform::params
|
||||||
|
|
||||||
|
if $::platform::params::init_keystone {
|
||||||
|
include ::barbican::keystone::auth
|
||||||
|
include ::barbican::keystone::authtoken
|
||||||
|
}
|
||||||
|
|
||||||
|
if $::platform::params::init_database {
|
||||||
|
include ::barbican::db::postgresql
|
||||||
|
}
|
||||||
|
|
||||||
|
barbican_config {
|
||||||
|
'service_credentials/interface': value => 'internalURL'
|
||||||
|
}
|
||||||
|
|
||||||
|
cron { 'barbican-cleaner':
|
||||||
|
ensure => 'present',
|
||||||
|
command => '/usr/bin/barbican-manage db clean -p -e -L /var/log/barbican/barbican-clean.log',
|
||||||
|
environment => 'PATH=/bin:/usr/bin:/usr/sbin',
|
||||||
|
minute => '50',
|
||||||
|
hour => '*/24',
|
||||||
|
user => 'root',
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
class openstack::barbican::firewall
|
||||||
|
inherits ::openstack::barbican::params {
|
||||||
|
|
||||||
|
platform::firewall::rule { 'barbican-api':
|
||||||
|
service_name => 'barbican-api',
|
||||||
|
ports => $api_port,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
class openstack::barbican::haproxy
|
||||||
|
inherits ::openstack::barbican::params {
|
||||||
|
|
||||||
|
platform::haproxy::proxy { 'barbican-restapi':
|
||||||
|
server_name => 's-barbican-restapi',
|
||||||
|
public_port => $api_port,
|
||||||
|
private_port => $api_port,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
class openstack::barbican::api
|
||||||
|
inherits ::openstack::barbican::params {
|
||||||
|
include ::platform::params
|
||||||
|
|
||||||
|
# The barbican user and service are always required and they
|
||||||
|
# are used by subclouds when the service itself is disabled
|
||||||
|
# on System Controller
|
||||||
|
# whether it creates the endpoint is determined by
|
||||||
|
# barbican::keystone::auth::configure_endpoint which is
|
||||||
|
# set via sysinv puppet
|
||||||
|
if ($::openstack::barbican::params::service_create and
|
||||||
|
$::platform::params::init_keystone) {
|
||||||
|
include ::barbican::keystone::auth
|
||||||
|
$bu_name = $::barbican::keystone::auth::auth_name
|
||||||
|
$bu_tenant = $::barbican::keystone::auth::tenant
|
||||||
|
|
||||||
|
keystone_role { 'creator':
|
||||||
|
ensure => present,
|
||||||
|
}
|
||||||
|
keystone_user_role { "${bu_name}@${bu_tenant}":
|
||||||
|
ensure => present,
|
||||||
|
roles => ['admin', 'creator'],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if $service_enabled {
|
||||||
|
|
||||||
|
$api_workers = $::platform::params::eng_workers
|
||||||
|
|
||||||
|
file_line { 'Modify workers in gunicorn-config.py':
|
||||||
|
path => '/etc/barbican/gunicorn-config.py',
|
||||||
|
line => "workers = '${api_workers}'",
|
||||||
|
match => '.*workers = .*',
|
||||||
|
tag => 'modify-workers',
|
||||||
|
}
|
||||||
|
|
||||||
|
include ::platform::network::mgmt::params
|
||||||
|
$api_host = $::platform::network::mgmt::params::controller_address
|
||||||
|
$api_fqdn = $::platform::params::controller_hostname
|
||||||
|
$url_host = "http://${api_fqdn}:${api_port}"
|
||||||
|
|
||||||
|
include ::platform::amqp::params
|
||||||
|
|
||||||
|
class { '::barbican::api':
|
||||||
|
bind_host => $api_host,
|
||||||
|
bind_port => $api_port,
|
||||||
|
host_href => $url_host,
|
||||||
|
sync_db => $::platform::params::init_database,
|
||||||
|
enable_proxy_headers_parsing => true,
|
||||||
|
rabbit_use_ssl => $::platform::amqp::params::ssl_enabled,
|
||||||
|
default_transport_url => $::platform::amqp::params::transport_url,
|
||||||
|
}
|
||||||
|
|
||||||
|
class { '::barbican::keystone::notification':
|
||||||
|
enable_keystone_notification => true,
|
||||||
|
}
|
||||||
|
|
||||||
|
include ::openstack::barbican::firewall
|
||||||
|
include ::openstack::barbican::haproxy
|
||||||
|
}
|
||||||
|
}
|
@ -395,6 +395,11 @@ class openstack::keystone::endpoint::runtime {
|
|||||||
include ::platform::ceph::rgw::keystone::auth
|
include ::platform::ceph::rgw::keystone::auth
|
||||||
}
|
}
|
||||||
|
|
||||||
|
include ::openstack::barbican::params
|
||||||
|
if $::openstack::barbican::params::service_enabled {
|
||||||
|
include ::barbican::keystone::auth
|
||||||
|
}
|
||||||
|
|
||||||
if $::platform::params::distributed_cloud_role =='systemcontroller' {
|
if $::platform::params::distributed_cloud_role =='systemcontroller' {
|
||||||
include ::dcorch::keystone::auth
|
include ::dcorch::keystone::auth
|
||||||
include ::dcmanager::keystone::auth
|
include ::dcmanager::keystone::auth
|
||||||
|
@ -13,6 +13,7 @@
|
|||||||
"protected_admins": "'admin':%(target.user.name)s or 'heat_admin':%(target.user.name)s or 'dcmanager':%(target.user.name)s",
|
"protected_admins": "'admin':%(target.user.name)s or 'heat_admin':%(target.user.name)s or 'dcmanager':%(target.user.name)s",
|
||||||
"protected_roles": "'admin':%(target.role.name)s or 'heat_admin':%(target.user.name)s",
|
"protected_roles": "'admin':%(target.role.name)s or 'heat_admin':%(target.user.name)s",
|
||||||
"protected_services": [["'aodh':%(target.user.name)s"],
|
"protected_services": [["'aodh':%(target.user.name)s"],
|
||||||
|
["'barbican':%(target.user.name)s"],
|
||||||
["'ceilometer':%(target.user.name)s"],
|
["'ceilometer':%(target.user.name)s"],
|
||||||
["'cinder':%(target.user.name)s"],
|
["'cinder':%(target.user.name)s"],
|
||||||
["'glance':%(target.user.name)s"],
|
["'glance':%(target.user.name)s"],
|
||||||
|
@ -154,6 +154,7 @@ class platform::haproxy::runtime {
|
|||||||
include ::openstack::panko::haproxy
|
include ::openstack::panko::haproxy
|
||||||
include ::openstack::gnocchi::haproxy
|
include ::openstack::gnocchi::haproxy
|
||||||
include ::openstack::swift::haproxy
|
include ::openstack::swift::haproxy
|
||||||
|
include ::openstack::barbican::haproxy
|
||||||
|
|
||||||
class {'::platform::haproxy::reload':
|
class {'::platform::haproxy::reload':
|
||||||
stage => post
|
stage => post
|
||||||
|
@ -198,6 +198,7 @@ class platform::postgresql::upgrade
|
|||||||
}
|
}
|
||||||
|
|
||||||
include ::aodh::db::postgresql
|
include ::aodh::db::postgresql
|
||||||
|
include ::barbican::db::postgresql
|
||||||
include ::cinder::db::postgresql
|
include ::cinder::db::postgresql
|
||||||
include ::glance::db::postgresql
|
include ::glance::db::postgresql
|
||||||
include ::gnocchi::db::postgresql
|
include ::gnocchi::db::postgresql
|
||||||
|
@ -232,6 +232,9 @@ class platform::sm
|
|||||||
# Panko
|
# Panko
|
||||||
include ::openstack::panko::params
|
include ::openstack::panko::params
|
||||||
|
|
||||||
|
# Barbican
|
||||||
|
include ::openstack::barbican::params
|
||||||
|
|
||||||
if $system_mode == 'simplex' {
|
if $system_mode == 'simplex' {
|
||||||
$hostunit = '0'
|
$hostunit = '0'
|
||||||
$management_my_unit_ip = $::platform::network::mgmt::params::controller0_address
|
$management_my_unit_ip = $::platform::network::mgmt::params::controller0_address
|
||||||
@ -285,6 +288,7 @@ class platform::sm
|
|||||||
$gnocchi_enabled = false
|
$gnocchi_enabled = false
|
||||||
$aodh_enabled = false
|
$aodh_enabled = false
|
||||||
$panko_enabled = false
|
$panko_enabled = false
|
||||||
|
$barbican_enabled = false
|
||||||
} else {
|
} else {
|
||||||
$heat_service_enabled = $::openstack::heat::params::service_enabled
|
$heat_service_enabled = $::openstack::heat::params::service_enabled
|
||||||
$murano_configured = $::openstack::murano::params::service_enabled
|
$murano_configured = $::openstack::murano::params::service_enabled
|
||||||
@ -293,6 +297,7 @@ class platform::sm
|
|||||||
$gnocchi_enabled = $::openstack::gnocchi::params::service_enabled
|
$gnocchi_enabled = $::openstack::gnocchi::params::service_enabled
|
||||||
$aodh_enabled = $::openstack::aodh::params::service_enabled
|
$aodh_enabled = $::openstack::aodh::params::service_enabled
|
||||||
$panko_enabled = $::openstack::panko::params::service_enabled
|
$panko_enabled = $::openstack::panko::params::service_enabled
|
||||||
|
$barbican_enabled = $::openstack::barbican::params::service_enabled
|
||||||
}
|
}
|
||||||
|
|
||||||
if $system_mode == 'simplex' {
|
if $system_mode == 'simplex' {
|
||||||
@ -1013,6 +1018,49 @@ class platform::sm
|
|||||||
command => "sm-configure service_instance ironic-conductor ironic-conductor \"config=/etc/ironic/ironic.conf,tftproot=${ironic_tftproot}\"",
|
command => "sm-configure service_instance ironic-conductor ironic-conductor \"config=/etc/ironic/ironic.conf,tftproot=${ironic_tftproot}\"",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Barbican
|
||||||
|
if $barbican_enabled {
|
||||||
|
|
||||||
|
exec { 'Configure OpenStack - Barbican API':
|
||||||
|
command => "sm-configure service_instance barbican-api barbican-api \"config=/etc/barbican/barbican.conf\"",
|
||||||
|
}
|
||||||
|
|
||||||
|
exec { 'Configure OpenStack - Barbican Keystone Listener':
|
||||||
|
command => "sm-configure service_instance barbican-keystone-listener barbican-keystone-listener \"config=/etc/barbican/barbican.conf\"",
|
||||||
|
}
|
||||||
|
|
||||||
|
exec { 'Configure OpenStack - Barbican Worker':
|
||||||
|
command => "sm-configure service_instance barbican-worker barbican-worker \"config=/etc/barbican/barbican.conf\"",
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
exec { 'Deprovision OpenStack - Barbican API (service-group-member)':
|
||||||
|
path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ],
|
||||||
|
command => "sm-deprovision service-group-member cloud-services barbican-api",
|
||||||
|
} ->
|
||||||
|
exec { 'Deprovision OpenStack - Barbican API (service)':
|
||||||
|
path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ],
|
||||||
|
command => "sm-deprovision service barbican-api",
|
||||||
|
}
|
||||||
|
|
||||||
|
exec { 'Deprovision OpenStack - Barbican Keystone Listener (service-group-member)':
|
||||||
|
path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ],
|
||||||
|
command => "sm-deprovision service-group-member cloud-services barbican-keystone-listener",
|
||||||
|
} ->
|
||||||
|
exec { 'Deprovision OpenStack - Barbican Keystone Listener (service)':
|
||||||
|
path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ],
|
||||||
|
command => "sm-deprovision service barbican-keystone-listener",
|
||||||
|
}
|
||||||
|
|
||||||
|
exec { 'Deprovision OpenStack - Barbican Worker (service-group-member)':
|
||||||
|
path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ],
|
||||||
|
command => "sm-deprovision service-group-member cloud-services barbican-worker",
|
||||||
|
} ->
|
||||||
|
exec { 'Deprovision OpenStack - Barbican Worker (service)':
|
||||||
|
path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ],
|
||||||
|
command => "sm-deprovision service barbican-worker",
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
exec { 'Configure OpenStack - Nova Compute':
|
exec { 'Configure OpenStack - Nova Compute':
|
||||||
command => "sm-configure service_instance nova-compute nova-compute \"config=/etc/nova/nova-ironic.conf\"",
|
command => "sm-configure service_instance nova-compute nova-compute \"config=/etc/nova/nova-ironic.conf\"",
|
||||||
}
|
}
|
||||||
|
@ -17,6 +17,11 @@ rewrite r_rewrite_set{
|
|||||||
set("<%= @system_name %> aodh-listener.log ${HOST}", value("HOST") condition(filter(f_aodhlistener)));
|
set("<%= @system_name %> aodh-listener.log ${HOST}", value("HOST") condition(filter(f_aodhlistener)));
|
||||||
set("<%= @system_name %> aodh-notifier.log ${HOST}", value("HOST") condition(filter(f_aodhnotifier)));
|
set("<%= @system_name %> aodh-notifier.log ${HOST}", value("HOST") condition(filter(f_aodhnotifier)));
|
||||||
set("<%= @system_name %> auth.log ${HOST}", value("HOST") condition(filter(f_auth)));
|
set("<%= @system_name %> auth.log ${HOST}", value("HOST") condition(filter(f_auth)));
|
||||||
|
set("<%= @system_name %> barbican-api.log ${HOST}", value("HOST") condition(filter(f_barbicanapi)));
|
||||||
|
set("<%= @system_name %> barbican-dbsync.log ${HOST}", value("HOST") condition(filter(f_barbicandbsync)));
|
||||||
|
set("<%= @system_name %> barbican-keystone-listener.log ${HOST}", value("HOST") condition(filter(f_barbicankeystonelistener)));
|
||||||
|
set("<%= @system_name %> barbican-worker.log ${HOST}", value("HOST") condition(filter(f_barbicanworker)));
|
||||||
|
set("<%= @system_name %> barbican-cleaner.log ${HOST}", value("HOST") condition(filter(f_barbicancleaner)));
|
||||||
set("<%= @system_name %> bash.log ${HOST}", value("HOST") condition(filter(f_bash)));
|
set("<%= @system_name %> bash.log ${HOST}", value("HOST") condition(filter(f_bash)));
|
||||||
set("<%= @system_name %> ceilometer-agent-notification.log ${HOST}", value("HOST") condition(filter(f_ceilometeragentnotification)));
|
set("<%= @system_name %> ceilometer-agent-notification.log ${HOST}", value("HOST") condition(filter(f_ceilometeragentnotification)));
|
||||||
set("<%= @system_name %> ceilometer-upgrade.log ${HOST}", value("HOST") condition(filter(f_ceilometerupgrade)));
|
set("<%= @system_name %> ceilometer-upgrade.log ${HOST}", value("HOST") condition(filter(f_ceilometerupgrade)));
|
||||||
|
@ -71,6 +71,7 @@ systemconfig.puppet_plugins =
|
|||||||
031_fm = sysinv.puppet.fm:FmPuppet
|
031_fm = sysinv.puppet.fm:FmPuppet
|
||||||
032_swift = sysinv.puppet.swift:SwiftPuppet
|
032_swift = sysinv.puppet.swift:SwiftPuppet
|
||||||
033_service_parameter = sysinv.puppet.service_parameter:ServiceParamPuppet
|
033_service_parameter = sysinv.puppet.service_parameter:ServiceParamPuppet
|
||||||
|
034_barbican = sysinv.puppet.barbican:BarbicanPuppet
|
||||||
|
|
||||||
systemconfig.helm_plugins =
|
systemconfig.helm_plugins =
|
||||||
aodh = sysinv.helm.aodh:AodhHelm
|
aodh = sysinv.helm.aodh:AodhHelm
|
||||||
|
@ -857,6 +857,7 @@ SERVICE_TYPE_IRONIC = 'ironic'
|
|||||||
SERVICE_TYPE_PANKO = 'panko'
|
SERVICE_TYPE_PANKO = 'panko'
|
||||||
SERVICE_TYPE_AODH = 'aodh'
|
SERVICE_TYPE_AODH = 'aodh'
|
||||||
SERVICE_TYPE_GLANCE = 'glance'
|
SERVICE_TYPE_GLANCE = 'glance'
|
||||||
|
SERVICE_TYPE_BARBICAN = 'barbican'
|
||||||
|
|
||||||
SERVICE_PARAM_SECTION_MURANO_RABBITMQ = 'rabbitmq'
|
SERVICE_PARAM_SECTION_MURANO_RABBITMQ = 'rabbitmq'
|
||||||
SERVICE_PARAM_SECTION_MURANO_ENGINE = 'engine'
|
SERVICE_PARAM_SECTION_MURANO_ENGINE = 'engine'
|
||||||
|
84
sysinv/sysinv/sysinv/sysinv/puppet/barbican.py
Normal file
84
sysinv/sysinv/sysinv/sysinv/puppet/barbican.py
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
#
|
||||||
|
# Copyright (c) 2018 Wind River Systems, Inc.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#
|
||||||
|
|
||||||
|
from . import openstack
|
||||||
|
|
||||||
|
|
||||||
|
class BarbicanPuppet(openstack.OpenstackBasePuppet):
|
||||||
|
"""Class to encapsulate puppet operations for barbican configuration"""
|
||||||
|
|
||||||
|
SERVICE_NAME = 'barbican'
|
||||||
|
SERVICE_PORT = 9311
|
||||||
|
|
||||||
|
def get_static_config(self):
|
||||||
|
dbuser = self._get_database_username(self.SERVICE_NAME)
|
||||||
|
|
||||||
|
return {
|
||||||
|
'barbican::db::postgresql::user': dbuser,
|
||||||
|
}
|
||||||
|
|
||||||
|
def get_secure_static_config(self):
|
||||||
|
dbpass = self._get_database_password(self.SERVICE_NAME)
|
||||||
|
kspass = self._get_service_password(self.SERVICE_NAME)
|
||||||
|
|
||||||
|
return {
|
||||||
|
'barbican::db::postgresql::password': dbpass,
|
||||||
|
|
||||||
|
'barbican::keystone::auth::password': kspass,
|
||||||
|
'barbican::keystone::authtoken::password': kspass,
|
||||||
|
}
|
||||||
|
|
||||||
|
def get_system_config(self):
|
||||||
|
ksuser = self._get_service_user_name(self.SERVICE_NAME)
|
||||||
|
|
||||||
|
config = {
|
||||||
|
'barbican::keystone::auth::public_url': self.get_public_url(),
|
||||||
|
'barbican::keystone::auth::internal_url': self.get_internal_url(),
|
||||||
|
'barbican::keystone::auth::admin_url': self.get_admin_url(),
|
||||||
|
'barbican::keystone::auth::auth_name': ksuser,
|
||||||
|
'barbican::keystone::auth::region': self._region_name(),
|
||||||
|
'barbican::keystone::auth::tenant': self._get_service_tenant_name(),
|
||||||
|
'barbican::keystone::auth::configure_user_role': False,
|
||||||
|
|
||||||
|
'barbican::keystone::authtoken::auth_url':
|
||||||
|
self._keystone_identity_uri(),
|
||||||
|
'barbican::keystone::authtoken::auth_uri':
|
||||||
|
self._keystone_auth_uri(),
|
||||||
|
|
||||||
|
'barbican::keystone::authtoken::user_domain_name':
|
||||||
|
self._get_service_user_domain_name(),
|
||||||
|
'barbican::keystone::authtoken::project_domain_name':
|
||||||
|
self._get_service_project_domain_name(),
|
||||||
|
'barbican::keystone::authtoken::project_name':
|
||||||
|
self._get_service_tenant_name(),
|
||||||
|
'barbican::keystone::authtoken::region_name':
|
||||||
|
self._keystone_region_name(),
|
||||||
|
'barbican::keystone::authtoken::username': ksuser,
|
||||||
|
|
||||||
|
'openstack::barbican::params::region_name':
|
||||||
|
self._get_service_region_name(self.SERVICE_NAME),
|
||||||
|
'openstack::barbican::params::service_create':
|
||||||
|
self._to_create_services(),
|
||||||
|
}
|
||||||
|
|
||||||
|
return config
|
||||||
|
|
||||||
|
def get_secure_system_config(self):
|
||||||
|
config = {
|
||||||
|
'barbican::db::database_connection':
|
||||||
|
self._format_database_connection(self.SERVICE_NAME),
|
||||||
|
}
|
||||||
|
|
||||||
|
return config
|
||||||
|
|
||||||
|
def get_public_url(self):
|
||||||
|
return self._format_public_endpoint(self.SERVICE_PORT)
|
||||||
|
|
||||||
|
def get_internal_url(self):
|
||||||
|
return self._format_private_endpoint(self.SERVICE_PORT)
|
||||||
|
|
||||||
|
def get_admin_url(self):
|
||||||
|
return self._format_private_endpoint(self.SERVICE_PORT)
|
Loading…
Reference in New Issue
Block a user