e7f5bfb7ae
This feature adds the ability to run Keystone in each Subcloud and implements a Distributed Service Catalog such that the Central Region Keystone ONLY contains the Identity endpoint for each subcloud. The DC Manager and DC Orchestration framework then does a 2-stage lookup: it first procures a token from the subcloud and then uses that token for further communication with that subcloud.

This delivery adds the following:
- New DC Orch Identity Proxy SM service
- Keystone manifest changes to run init_keystone in Subcloud to spawn a local Keystone instance
- Modify System Controller Identity endpoints 5000 to 25000, i.e. binding to DC-Orch-API-Proxy
- DC Manager and DC Orch Changes to do a 2-stage lookup on subclouds (Distributed Service Catalog)
- Cherry pick Endpoint Filter Group patches into Openstack client
- Add Resource Sync for Keystone Users, Projects and Roles and reporting to DC Manager
- Add Auditing for Keystone Users, Projects and Roles on Central Region and Subclouds
- Lab Setup changes to configure Tenant users and projects against the Keystone DC Proxy (port 25000) so that these may be synced to subclouds.

Story: 2002842
Task: 22785
Change-Id: I2db7610532d1835246b29bedf2cb719669f11935
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Signed-off-by: Jack Ding <jack.ding@windriver.com>
#
# Copyright (c) 2017 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from sysinv.common import constants
from . import openstack
class PatchingPuppet(openstack.OpenstackBasePuppet):
    """Produce the puppet hiera values that configure the patching service.

    Every method returns a plain dict mapping a hiera key to its value.
    Service identity, credentials, endpoint formatting and address lookups
    are all delegated to helpers inherited from OpenstackBasePuppet.
    """

    SERVICE_NAME = 'patching'
    # Port passed to _format_private_endpoint for the internal and admin URLs.
    SERVICE_PORT = 5491
    # Port passed to _format_public_endpoint for the public URL.
    SERVICE_PUBLIC_PORT = 15491
    # Not referenced inside this class; the user name that is actually
    # emitted comes from _get_service_user_name(SERVICE_NAME).
    SERVICE_KS_USERNAME = 'patching'

    def get_static_config(self):
        """Return the non-secret static values: the Keystone user name."""
        service_user = self._get_service_user_name(self.SERVICE_NAME)
        return {'patching::api::keystone_user': service_user}

    def get_secure_static_config(self):
        """Return the hiera keys that carry the Keystone service password.

        One password, looked up once, is emitted in clear text under three
        keys (API, keystone auth and authtoken), so changing it affects all
        three consumers together.
        """
        # NOTE(review): "secure" in the method name suggests the caller keeps
        # this dict apart from the regular static config -- confirm that the
        # destination is access-restricted and that the dict is never logged.
        service_password = self._get_service_password(self.SERVICE_NAME)
        password_keys = (
            'patching::api::keystone_password',
            'patching::keystone::auth::password',
            'patching::keystone::authtoken::password',
        )
        return {key: service_password for key in password_keys}

    def get_system_config(self):
        """Return the system-level hiera values for the patching service.

        Covers the API's Keystone settings and bind host, the Keystone
        endpoint registration, the authtoken URLs, the controller and agent
        multicast addresses, and the region / service-creation parameters.
        """
        service_user = self._get_service_user_name(self.SERVICE_NAME)
        auth_uri = self._keystone_auth_uri()
        identity_uri = self._keystone_identity_uri()
        controller_mcast = self._get_address_by_name(
            constants.PATCH_CONTROLLER_MULTICAST_MGMT_IP_NAME,
            constants.NETWORK_TYPE_MULTICAST)
        agent_mcast = self._get_address_by_name(
            constants.PATCH_AGENT_MULTICAST_MGMT_IP_NAME,
            constants.NETWORK_TYPE_MULTICAST)

        # The sections are filled in a fixed order so that both the key order
        # of the result and the sequence of helper calls stay stable.
        config = {}

        # How the patching API authenticates against Keystone, and the
        # address it is told to bind to (the management address).
        config.update({
            'patching::api::keystone_user': service_user,
            'patching::api::keystone_tenant': self._get_service_tenant_name(),
            'patching::api::keystone_auth_uri': auth_uri,
            'patching::api::keystone_identity_uri': identity_uri,
            'patching::api::keystone_region_name':
                self._get_service_region_name(self.SERVICE_NAME),
            'patching::api::keystone_user_domain':
                self._get_service_user_domain_name(),
            'patching::api::keystone_project_domain':
                self._get_service_project_domain_name(),
            'patching::api::bind_host': self._get_management_address(),
        })

        # Service user and endpoint registration in Keystone.
        config.update({
            'patching::keystone::auth::public_url': self.get_public_url(),
            'patching::keystone::auth::internal_url': self.get_internal_url(),
            'patching::keystone::auth::admin_url': self.get_admin_url(),
            'patching::keystone::auth::auth_name': service_user,
            'patching::keystone::auth::service_name': self.SERVICE_NAME,
            'patching::keystone::auth::region':
                self._get_service_region_name(self.SERVICE_NAME),
            'patching::keystone::auth::tenant': self._get_service_tenant_name(),
        })

        # Token validation URLs; the URI helpers are invoked again here
        # instead of reusing the locals computed above.
        config.update({
            'patching::keystone::authtoken::auth_url':
                self._keystone_identity_uri(),
            'patching::keystone::authtoken::auth_uri':
                self._keystone_auth_uri(),
        })

        # Multicast addresses for the patch controller and the patch agents.
        config.update({
            'patching::controller_multicast': controller_mcast.address,
            'patching::agent_multicast': agent_mcast.address,
        })

        # Region name and the service-creation flag.
        config.update({
            'openstack::patching::params::region_name': self.get_region_name(),
            'platform::patching::params::service_create':
                self._to_create_services(),
        })

        return config

    def get_public_url(self):
        """Return the public endpoint URL, built from SERVICE_PUBLIC_PORT."""
        public_port = self.SERVICE_PUBLIC_PORT
        return self._format_public_endpoint(public_port)

    def get_internal_url(self):
        """Return the internal endpoint URL, built from SERVICE_PORT."""
        private_port = self.SERVICE_PORT
        return self._format_private_endpoint(private_port)

    def get_admin_url(self):
        """Return the admin endpoint URL; same private port as internal."""
        private_port = self.SERVICE_PORT
        return self._format_private_endpoint(private_port)

    def get_region_name(self):
        """Return the region name resolved for the patching service."""
        service = self.SERVICE_NAME
        return self._get_service_region_name(service)