Browse Source

Configure dcmanager user for endpoint_cache

The following changes are made, in order to remove the
dependencies to 'admin' user and use 'dcmanager' user to
authenticate with services in the subclouds:
. Configure dcmanager user for dcorch
. Add the dcmanager user id to the static.yaml on subclouds
  during upgrade

Depends-On: https://review.opendev.org/#/c/735994/
Partial-Bug: 1883758

Change-Id: I72ed05d38ac6c25d240f99c4aeaf13b51273471f
Signed-off-by: Tao Liu <tao.liu@windriver.com>
changes/20/736020/5
Tao Liu 1 year ago
parent
commit
5fd25a2085
  1. 24
      controllerconfig/controllerconfig/controllerconfig/upgrades/controller.py
  2. 36
      controllerconfig/controllerconfig/controllerconfig/utils.py
  3. 6
      sysinv/sysinv/sysinv/sysinv/puppet/dcmanager.py
  4. 10
      sysinv/sysinv/sysinv/sysinv/puppet/dcorch.py
  5. 1
      tsconfig/tsconfig/tsconfig/tsconfig.py

24
controllerconfig/controllerconfig/controllerconfig/upgrades/controller.py

@ -30,6 +30,7 @@ from sysinv.common import constants as sysinv_constants
# have been applied, so only the static entries from tsconfig can be used
# (the platform.conf file will not have been updated with dynamic values).
from tsconfig.tsconfig import SW_VERSION
# from tsconfig.tsconfig import SW_VERSION_20_06
from tsconfig.tsconfig import PLATFORM_PATH
from tsconfig.tsconfig import KEYRING_PATH
from tsconfig.tsconfig import PLATFORM_CONF_FILE
@ -671,6 +672,29 @@ def migrate_hiera_data(from_release, to_release):
'platform::client::credentials::params::keyring_file':
os.path.join(KEYRING_PATH, '.CREDENTIAL'),
})
# Add dcmanager and sysinv user id as well as service project id to
# the static.yaml on subclouds
# comment out the following untested code for now
# if to_release == SW_VERSION_20_06 and cutils.is_subcloud():
# dm_user_id = cutils.get_keystone_user_id('dcmanager')
# sysinv_user_id = cutils.get_keystone_user_id('sysinv')
# service_project_id = cutils.get_keystone_project_id('services')
# if dm_user_id:
# static_config.update({
# 'platform::dcmanager::bootstrap::dc_dcmanager_user_id':
# dm_user_id
# })
# if sysinv_user_id:
# static_config.update({
# 'platform::sysinv::bootstrap::dc_sysinv_user_id':
# sysinv_user_id
# })
# if service_project_id:
# static_config.update({
# 'openstack::keystone::bootstrap::dc_services_project_id':
# service_project_id
# })
with open(static_file, 'w') as yaml_file:
yaml.dump(static_config, yaml_file, default_flow_style=False)

36
controllerconfig/controllerconfig/controllerconfig/utils.py

@ -10,6 +10,8 @@ Utilities
import glob
import os
import psycopg2
from psycopg2.extras import RealDictCursor
import shutil
import subprocess
import time
@ -25,6 +27,7 @@ from controllerconfig.common import constants
from controllerconfig.common.exceptions import ValidateFail
from oslo_log import log
LOG = log.getLogger(__name__)
DEVNULL = open(os.devnull, 'w')
@ -404,3 +407,36 @@ def ip_version_to_string(ip_version):
return "IPv6"
else:
return "IP"
def is_subcloud():
conn = psycopg2.connect("dbname='sysinv' user='postgres'")
with conn:
with conn.cursor(cursor_factory=RealDictCursor) as cur:
cur.execute("SELECT * from i_system")
system = cur.fetchone()
return system['distributed_cloud_role'] == 'subcloud'
def get_keystone_user_id(user_name):
""" Get the a keystone user id by name"""
conn = psycopg2.connect("dbname='keystone' user='postgres'")
with conn:
with conn.cursor(cursor_factory=RealDictCursor) as cur:
cur.execute("SELECT user_id FROM local_user WHERE name=%s" %
user_name)
user_id = cur.fetchone()
return user_id['user_id']
def get_keystone_project_id(project_name):
""" Get the a keystone project id by name"""
conn = psycopg2.connect("dbname='keystone' user='postgres'")
with conn:
with conn.cursor(cursor_factory=RealDictCursor) as cur:
cur.execute("SELECT id FROM project WHERE name=%s" %
project_name)
project_id = cur.fetchone()
return project_id['id']

6
sysinv/sysinv/sysinv/sysinv/puppet/dcmanager.py

@ -102,6 +102,12 @@ class DCManagerPuppet(openstack.OpenstackBasePuppet):
'dcmanager::api::keystone_admin_password': admin_password,
}
def get_ks_user_name(self):
return self._get_service_user_name(self.SERVICE_NAME)
def get_ks_user_password(self):
return self._get_service_password(self.SERVICE_NAME)
def get_public_url(self):
return self._format_public_endpoint(self.SERVICE_PORT,
path=self.SERVICE_PATH)

10
sysinv/sysinv/sysinv/sysinv/puppet/dcorch.py

@ -48,6 +48,8 @@ class DCOrchPuppet(openstack.OpenstackBasePuppet):
kspass = self._get_service_password(self.SERVICE_NAME)
admin_password = self._get_keyring_password(self.ADMIN_SERVICE,
self.ADMIN_USER)
dm_kspass = self._operator.dcmanager.get_ks_user_password()
# initial bootstrap is bound to localhost
dburl = self._format_database_connection(self.SERVICE_NAME,
constants.LOCALHOST_HOSTNAME)
@ -62,10 +64,13 @@ class DCOrchPuppet(openstack.OpenstackBasePuppet):
'dcorch::api_proxy::keystone_password': kspass,
'dcorch::api_proxy::keystone_admin_password': admin_password,
'dcorch::api_proxy::dcmanager_keystone_password': dm_kspass,
}
def get_system_config(self):
ksuser = self._get_service_user_name(self.SERVICE_NAME)
dm_ksuser = self._operator.dcmanager.get_ks_user_name()
config = {
# The region in which the identity server can be found
@ -138,6 +143,7 @@ class DCOrchPuppet(openstack.OpenstackBasePuppet):
'dcorch::api_proxy::keystone_project_domain':
self._get_service_project_domain_name(),
'dcorch::api_proxy::keystone_user': ksuser,
'dcorch::api_proxy::dcmanager_keystone_user': dm_ksuser,
'dcorch::api_proxy::keystone_admin_user': self.ADMIN_USER,
'dcorch::api_proxy::keystone_admin_tenant': self.ADMIN_TENANT,
'openstack::dcorch::params::region_name': self.get_region_name(),
@ -170,6 +176,8 @@ class DCOrchPuppet(openstack.OpenstackBasePuppet):
kspass = self._get_service_password(self.SERVICE_NAME)
admin_password = self._get_keyring_password(self.ADMIN_SERVICE,
self.ADMIN_USER)
dm_kspass = self._operator.dcmanager.get_ks_user_password()
config = {
'dcorch::database_connection':
self._format_database_connection(self.SERVICE_NAME),
@ -180,6 +188,8 @@ class DCOrchPuppet(openstack.OpenstackBasePuppet):
'dcorch::api_proxy::keystone_password': kspass,
'dcorch::api_proxy::keystone_admin_password': admin_password,
'dcorch::api_proxy::dcmanager_keystone_password': dm_kspass,
}
if utils.is_openstack_applied(self.dbapi):

1
tsconfig/tsconfig/tsconfig/tsconfig.py

@ -11,6 +11,7 @@ import io
import logging
SW_VERSION = ""
SW_VERSION_20_06 = "20.06"
nodetype = None
subfunctions = []

Loading…
Cancel
Save