Use stx_admin account for flock service to communicate with openstack

admin account is used before, but if admin password is changed, flock service cannot be notified and cannot get the new password, so flock service like nfv-vim cannot fetch openstack vm info ever. stx_admin account is created for this case. It is created by openstack app when it is applied, and password is saved to keyring so flock service could use it to communicate with openstack app. helm is updated to use stx_admin account instead of admin account. Partial-Bug: 1887755 Change-Id: I8b7ce7b60ccb3f0d0a595395b591565b24a590d5 Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
2020-09-24 16:23:52 +08:00 · 2020-09-24 16:23:52 +08:00 · d5d54b3ae2
parent 4f522ddbb5
commit d5d54b3ae2
2 changed files with 15 additions and 3 deletions
--- a/sysinv/sysinv/sysinv/sysinv/helm/common.py
+++ b/sysinv/sysinv/sysinv/sysinv/helm/common.py
@ -45,7 +45,8 @@ SERVICE_ADMIN = 'CGCS'
 # Users
 USER_ADMIN = 'admin'
 USER_TEST = 'test'
-USERS = [USER_ADMIN, USER_TEST]
+USER_STX_ADMIN = 'stx_admin'
+USERS = [USER_ADMIN, USER_TEST, USER_STX_ADMIN]

 # Passwords Formatting
 PASSWORD_FORMAT_IDENTITY = 'keystone-auth'
--- a/sysinv/sysinv/sysinv/sysinv/helm/helm.py
+++ b/sysinv/sysinv/sysinv/sysinv/helm/helm.py
@ -848,9 +848,20 @@ class HelmOperatorData(HelmOperator):
    @helm_context
    def get_keystone_auth_data(self):
        keystone_operator = self.chart_operators[self.HELM_CHART_KEYSTONE]
+
+        # use stx_admin account to communicate with openstack app
+        username = common.USER_STX_ADMIN
+        try:
+            password = keystone_operator.get_stx_admin_password()
+        except Exception:
+            # old version app doesn't support stx_admin account yet.
+            # fallback to admin account
+            username = keystone_operator.get_admin_user_name()
+            password = keystone_operator.get_admin_password()
+
        auth_data = {
            'admin_user_name':
-                keystone_operator.get_admin_user_name(),
+                username,
            'admin_project_name':
                keystone_operator.get_admin_project_name(),
            'auth_host':
@ -861,7 +872,7 @@ class HelmOperatorData(HelmOperator):
            'admin_project_domain':
                keystone_operator.get_admin_project_domain(),
            'admin_password':
-                keystone_operator.get_admin_password(),
+                password,
        }
        return auth_data