diff --git a/openstack-helm/centos/openstack-helm.spec b/openstack-helm/centos/openstack-helm.spec index 6699f84c..62ee8b92 100644 --- a/openstack-helm/centos/openstack-helm.spec +++ b/openstack-helm/centos/openstack-helm.spec @@ -28,6 +28,7 @@ Patch06: 0006-Support-ingress-creation-for-keystone-admin-endpoint.patch Patch07: 0007-Allow-more-generic-overrides-for-placeme.patch Patch08: 0008-Allow-set-public-endpoint-url-for-keystone-endpoints.patch Patch09: 0009-Wrong-usage-of-rbd_store_chunk_size.patch +Patch10: 0010-Add-stx_admin-account.patch BuildRequires: helm BuildRequires: openstack-helm-infra @@ -48,6 +49,7 @@ Openstack Helm charts %patch07 -p1 %patch08 -p1 %patch09 -p1 +%patch10 -p1 %build # Stage helm-toolkit in the local repo diff --git a/openstack-helm/files/0010-Add-stx_admin-account.patch b/openstack-helm/files/0010-Add-stx_admin-account.patch new file mode 100644 index 00000000..182d2bda --- /dev/null +++ b/openstack-helm/files/0010-Add-stx_admin-account.patch @@ -0,0 +1,103 @@ +From 50e5e101857767fa5b20a3f548e3f28ffb8664ed Mon Sep 17 00:00:00 2001 +From: Shuicheng Lin +Date: Wed, 28 Oct 2020 15:17:34 +0800 +Subject: [PATCH] Add stx_admin account for host to communicate with openstack + app + +Signed-off-by: Shuicheng Lin +--- + keystone/templates/job-ks-user.yaml | 18 ++++++++++++++++++ + keystone/templates/secret-keystone.yaml | 2 +- + keystone/values.yaml | 17 +++++++++++++++++ + 3 files changed, 36 insertions(+), 1 deletion(-) + create mode 100644 keystone/templates/job-ks-user.yaml + +diff --git a/keystone/templates/job-ks-user.yaml b/keystone/templates/job-ks-user.yaml +new file mode 100644 +index 0000000..aec4641 +--- /dev/null ++++ b/keystone/templates/job-ks-user.yaml +@@ -0,0 +1,18 @@ ++{{/* ++Licensed under the Apache License, Version 2.0 (the "License"); ++you may not use this file except in compliance with the License. ++You may obtain a copy of the License at ++ ++ http://www.apache.org/licenses/LICENSE-2.0 ++ ++Unless required by applicable law or agreed to in writing, software ++distributed under the License is distributed on an "AS IS" BASIS, ++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++See the License for the specific language governing permissions and ++limitations under the License. ++*/}} ++ ++{{- if .Values.manifests.job_ks_user }} ++{{- $ksUserJob := dict "envAll" . "serviceName" "keystone" "serviceUser" "stx_admin" -}} ++{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} ++{{- end }} +diff --git a/keystone/templates/secret-keystone.yaml b/keystone/templates/secret-keystone.yaml +index 5aa87ab..0e471f1 100644 +--- a/keystone/templates/secret-keystone.yaml ++++ b/keystone/templates/secret-keystone.yaml +@@ -14,7 +14,7 @@ limitations under the License. + + {{- if .Values.manifests.secret_keystone }} + {{- $envAll := . }} +-{{- range $key1, $userClass := tuple "admin" "test" }} ++{{- range $key1, $userClass := tuple "admin" "test" "stx_admin" }} + {{- $secretName := index $envAll.Values.secrets.identity $userClass }} + --- + apiVersion: v1 +diff --git a/keystone/values.yaml b/keystone/values.yaml +index 473379d..68bbcdd 100644 +--- a/keystone/values.yaml ++++ b/keystone/values.yaml +@@ -146,6 +146,10 @@ dependencies: + services: + - endpoint: internal + service: oslo_db ++ ks_user: ++ services: ++ - endpoint: internal ++ service: identity + rabbit_init: + services: + - service: oslo_messaging +@@ -1062,6 +1066,7 @@ secrets: + identity: + admin: keystone-keystone-admin + test: keystone-keystone-test ++ stx_admin: keystone-keystone-stxadmin + oslo_db: + admin: keystone-db-admin + keystone: keystone-db-user +@@ -1104,6 +1109,17 @@ endpoints: + user_domain_name: default + project_domain_name: default + default_domain_id: default ++ stx_admin: ++ role: ++ - admin ++ - member ++ region_name: RegionOne ++ username: stx_admin ++ password: password ++ project_name: admin ++ user_domain_name: default ++ project_domain_name: default ++ default_domain_id: default + test: + role: admin + region_name: RegionOne +@@ -1254,6 +1270,7 @@ manifests: + job_domain_manage: true + job_fernet_setup: true + job_image_repo_sync: true ++ job_ks_user: true + job_rabbit_init: true + pdb_api: true + pod_rally_test: true +-- +2.7.4 + diff --git a/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/keystone.py b/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/keystone.py index d8116468..093a01c4 100644 --- a/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/keystone.py +++ b/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/keystone.py @@ -289,5 +289,11 @@ class KeystoneHelm(openstack.OpenstackBaseHelm): return self._get_identity_password(o_service, o_user) + def get_stx_admin_password(self): + o_user = common.USER_STX_ADMIN + o_service = common.SERVICE_ADMIN + + return self._get_identity_password(o_service, o_user) + def get_region_name(self): return self._get_service_region_name(self.SERVICE_NAME) diff --git a/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py b/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py index 9ebedb2e..40b70a6c 100644 --- a/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py +++ b/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py @@ -345,6 +345,9 @@ class OpenstackBaseHelm(base.BaseHelm): if user == common.USER_ADMIN: o_user = self._get_admin_user_name() o_service = common.SERVICE_ADMIN + elif user == common.USER_STX_ADMIN: + o_user = user + o_service = common.SERVICE_ADMIN else: o_user = user o_service = service