Disable dcagent user creation on SystemController
It's not necessary to have the dcagent keystone user present on system controller. Its presence can cause problems during upgrade as it would be necessary for the dcagent user in the subcloud to have the same password as system controller upon creation (before dcdbsync synching upon managing the subcloud). Test plan: - PASS: Build a developer ISO. Deploy a DC system with 2 system controllers and 1 subcloud. Verify the dcagent user is created only on the subcloud. - PASS: Manage the subcloud and verify the dcagent service is working as expected. - PASS: Perform a network reconfiguration on the subcloud. Verify the operation finishes successfully. Story: 2011106 Task: 50747 Change-Id: I13deb83f2e8b602fd8d733b999cf579d4db05034 Signed-off-by: Victor Romano <victor.gluzromano@windriver.com>
This commit is contained in:
parent
94dc8854c5
commit
699a149e70
modules/puppet-dcagent/src/dcagent/manifests/keystone
puppet-manifests/src/modules
@ -22,7 +22,7 @@ class dcagent::keystone::auth (
|
||||
$service_description = 'DCAgent service',
|
||||
$service_name = 'dcagent',
|
||||
$service_type = 'dcagent',
|
||||
$configure_endpoint = false,
|
||||
$configure_endpoint = true,
|
||||
$configure_user = true,
|
||||
$configure_user_role = true,
|
||||
$public_url = 'http://127.0.0.1:8325/v1',
|
||||
@ -33,37 +33,34 @@ class dcagent::keystone::auth (
|
||||
|
||||
$real_service_name = pick($service_name, $auth_name)
|
||||
|
||||
$should_configure_endpoint = $distributed_cloud_role ? {
|
||||
'subcloud' => true,
|
||||
default => $configure_endpoint,
|
||||
}
|
||||
if $distributed_cloud_role == 'subcloud' {
|
||||
keystone::resource::service_identity { 'dcagent':
|
||||
configure_user => $configure_user,
|
||||
configure_user_role => $configure_user_role,
|
||||
configure_endpoint => $configure_endpoint,
|
||||
service_type => $service_type,
|
||||
service_description => $service_description,
|
||||
service_name => $real_service_name,
|
||||
region => $region,
|
||||
auth_name => $auth_name,
|
||||
password => $password,
|
||||
email => $email,
|
||||
tenant => $tenant,
|
||||
public_url => $public_url,
|
||||
admin_url => $admin_url,
|
||||
internal_url => $internal_url,
|
||||
}
|
||||
|
||||
keystone::resource::service_identity { 'dcagent':
|
||||
configure_user => $configure_user,
|
||||
configure_user_role => $configure_user_role,
|
||||
configure_endpoint => $should_configure_endpoint,
|
||||
service_type => $service_type,
|
||||
service_description => $service_description,
|
||||
service_name => $real_service_name,
|
||||
region => $region,
|
||||
auth_name => $auth_name,
|
||||
password => $password,
|
||||
email => $email,
|
||||
tenant => $tenant,
|
||||
public_url => $public_url,
|
||||
admin_url => $admin_url,
|
||||
internal_url => $internal_url,
|
||||
}
|
||||
|
||||
# dcagent is a private service only used by dcmanager-audit and dcorch,
|
||||
# its API is not exposed for public access.
|
||||
-> exec { 'Delete dcagent public endpoint':
|
||||
path => '/usr/bin',
|
||||
command => @("CMD"/L),
|
||||
/bin/sh -c 'source /etc/platform/openrc && \
|
||||
openstack endpoint list --service dcagent --interface public --format value -c ID | \
|
||||
xargs --no-run-if-empty openstack endpoint delete'
|
||||
| CMD
|
||||
logoutput => true,
|
||||
# dcagent is a private service only used by dcmanager-audit and dcorch,
|
||||
# its API is not exposed for public access.
|
||||
-> exec { 'Delete dcagent public endpoint':
|
||||
path => '/usr/bin',
|
||||
command => @("CMD"/L),
|
||||
/bin/sh -c 'source /etc/platform/openrc && \
|
||||
openstack endpoint list --service dcagent --interface public --format value -c ID | \
|
||||
xargs --no-run-if-empty openstack endpoint delete'
|
||||
| CMD
|
||||
logoutput => true,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -315,7 +315,6 @@ class openstack::keystone::endpoint::runtime {
|
||||
include ::dcorch::keystone::auth
|
||||
include ::dcmanager::keystone::auth
|
||||
include ::dcdbsync::keystone::auth
|
||||
include ::dcagent::keystone::auth
|
||||
}
|
||||
|
||||
if $::platform::params::distributed_cloud_role == 'subcloud' {
|
||||
@ -403,16 +402,14 @@ class openstack::keystone::endpoint::reconfig
|
||||
if $::platform::params::distributed_cloud_role =='systemcontroller' {
|
||||
Keystone_endpoint["${region}/dcmanager::dcmanager"] -> Keystone_endpoint["${region}/sysinv::platform"]
|
||||
Keystone_endpoint["${region}/dcdbsync::dcorch-dbsync"] -> Keystone_endpoint["${region}/sysinv::platform"]
|
||||
Keystone_endpoint["${region}/dcagent::dcagent"] -> Keystone_endpoint["${region}/sysinv::platform"]
|
||||
include ::dcorch::keystone::auth
|
||||
include ::dcmanager::keystone::auth
|
||||
include ::dcdbsync::keystone::auth
|
||||
include ::dcagent::keystone::auth
|
||||
}
|
||||
|
||||
if $::platform::params::distributed_cloud_role == 'subcloud' {
|
||||
Keystone_endpoint["${region}/dcdbsync::dcorch-dbsync"] -> Keystone_endpoint["${region}/sysinv::platform"]
|
||||
Keystone_endpoint["${region}/dcagent"] -> Keystone_endpoint["${region}/sysinv::platform"]
|
||||
Keystone_endpoint["${region}/dcagent::dcagent"] -> Keystone_endpoint["${region}/sysinv::platform"]
|
||||
include ::dcdbsync::keystone::auth
|
||||
include ::dcagent::keystone::auth
|
||||
}
|
||||
|
@ -10,8 +10,7 @@ class platform::dcagent::params (
|
||||
|
||||
class platform::dcagent
|
||||
inherits ::platform::dcagent::params {
|
||||
if ($::platform::params::distributed_cloud_role == 'subcloud' or
|
||||
$::platform::params::distributed_cloud_role == 'systemcontroller') {
|
||||
if ($::platform::params::distributed_cloud_role == 'subcloud') {
|
||||
if $service_create {
|
||||
if $::platform::params::init_keystone {
|
||||
include ::dcagent::keystone::auth
|
||||
|
Loading…
x
Reference in New Issue
Block a user