Configure dcmanager user for endpoint_cache
The following changes are made, in order to remove the dependencies to 'admin' user and use 'dcmanager' user to authenticate with services in the subclouds: . Add endpoint_cache section to both dcorch and dcmanager . Configure dcmanager user in the endpoint_cache section . Add dcmanager bootstrap class to configure the dcmanager user on subclouds Partial-Bug: 1883758 Change-Id: I790592f44d371051c157443836f71e3f00640ab5 Signed-off-by: Tao Liu <tao.liu@windriver.com>
This commit is contained in:
Tao Liu
parent
25542c338d
commit
c359018050
|
|
@ -124,6 +124,7 @@ class dcmanager::api (
|
|||
if $keystone_identity_uri {
|
||||
dcmanager_config { 'keystone_authtoken/auth_url': value => $keystone_identity_uri; }
|
||||
dcmanager_config { 'cache/auth_uri': value => "${keystone_identity_uri}/v3"; }
|
||||
dcmanager_config { 'endpoint_cache/auth_uri': value => "${keystone_identity_uri}/v3"; }
|
||||
} else {
|
||||
dcmanager_config { 'keystone_authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/v3"; }
|
||||
}
|
||||
|
|
@ -161,6 +162,15 @@ class dcmanager::api (
|
|||
'cache/admin_username': value => $keystone_admin_user;
|
||||
'cache/admin_password': value => $keystone_admin_password, secret=> true;
|
||||
}
|
||||
dcmanager_config {
|
||||
'endpoint_cache/auth_plugin': value => $auth_type;
|
||||
'endpoint_cache/username': value => $keystone_user;
|
||||
'endpoint_cache/password': value => $keystone_password, secret=> true;
|
||||
'endpoint_cache/project_name': value => $keystone_tenant;
|
||||
'endpoint_cache/user_domain_name': value => $keystone_user_domain;
|
||||
'endpoint_cache/project_domain_name': value => $keystone_project_domain;
|
||||
'endpoint_cache/http_connect_timeout': value => $keystone_http_connect_timeout;
|
||||
}
|
||||
|
||||
if $keystone_auth_admin_prefix {
|
||||
validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$')
|
||||
|
|
|
|||
|
|
@ -14,9 +14,9 @@
|
|||
#
|
||||
class dcmanager::keystone::auth (
|
||||
$password,
|
||||
$auth_domain,
|
||||
$admin_project_name,
|
||||
$admin_project_domain,
|
||||
$auth_domain = 'Default',
|
||||
$admin_project_name = 'services',
|
||||
$admin_project_domain = 'Default',
|
||||
$auth_name = 'dcmanager',
|
||||
$email = 'dcmanager@localhost',
|
||||
$tenant = 'admin',
|
||||
|
|
|
|||
|
|
@ -81,6 +81,7 @@
|
|||
class dcorch::api_proxy (
|
||||
$keystone_password,
|
||||
$keystone_admin_password,
|
||||
$dcmanager_keystone_password,
|
||||
$keystone_admin_user = 'admin',
|
||||
$keystone_admin_tenant = 'admin',
|
||||
$keystone_enabled = true,
|
||||
|
|
@ -95,6 +96,8 @@ class dcorch::api_proxy (
|
|||
$keystone_identity_uri = false,
|
||||
$keystone_user_domain = 'Default',
|
||||
$keystone_project_domain = 'Default',
|
||||
$keystone_http_connect_timeout = '10',
|
||||
$dcmanager_keystone_user = 'dcmanager',
|
||||
$auth_type = 'password',
|
||||
$service_port = '5000',
|
||||
$package_ensure = 'latest',
|
||||
|
|
@ -122,6 +125,7 @@ class dcorch::api_proxy (
|
|||
if $keystone_identity_uri {
|
||||
dcorch_config { 'keystone_authtoken/auth_url': value => $keystone_identity_uri; }
|
||||
dcorch_config { 'cache/auth_uri': value => "${keystone_identity_uri}/v3"; }
|
||||
dcorch_config { 'endpoint_cache/auth_uri': value => "${keystone_identity_uri}/v3"; }
|
||||
} else {
|
||||
dcorch_config { 'keystone_authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/"; }
|
||||
}
|
||||
|
|
@ -157,6 +161,15 @@ class dcorch::api_proxy (
|
|||
'cache/admin_username': value => $keystone_admin_user;
|
||||
'cache/admin_password': value => $keystone_admin_password, secret=> true;
|
||||
}
|
||||
dcorch_config {
|
||||
'endpoint_cache/auth_plugin': value => $auth_type;
|
||||
'endpoint_cache/username': value => $dcmanager_keystone_user;
|
||||
'endpoint_cache/password': value => $dcmanager_keystone_password, secret=> true;
|
||||
'endpoint_cache/project_name': value => $keystone_tenant;
|
||||
'endpoint_cache/user_domain_name': value => $keystone_user_domain;
|
||||
'endpoint_cache/project_domain_name': value => $keystone_project_domain;
|
||||
'endpoint_cache/http_connect_timeout': value => $keystone_http_connect_timeout;
|
||||
}
|
||||
|
||||
if $keystone_auth_admin_prefix {
|
||||
validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$')
|
||||
|
|
|
|||
|
|
@ -32,3 +32,6 @@ include ::platform::filesystem::backup
|
|||
include ::platform::filesystem::kubelet
|
||||
include ::platform::mtce::bootstrap
|
||||
include ::platform::fm::bootstrap
|
||||
|
||||
# Puppet class to config the dcmanager user on subclouds
|
||||
include ::platform::dcmanager::bootstrap
|
||||
|
|
|
|||
|
|
@ -293,7 +293,8 @@ class openstack::keystone::bootstrap(
|
|||
Class['::openstack::barbican::bootstrap'],
|
||||
Class['::platform::sysinv::bootstrap'],
|
||||
Class['::platform::mtce::bootstrap'],
|
||||
Class['::platform::fm::bootstrap'] ],
|
||||
Class['::platform::fm::bootstrap'],
|
||||
Class['::platform::dcmanager::bootstrap']],
|
||||
}
|
||||
-> exec { 'update keystone services project id to match system controller':
|
||||
command => "psql -d keystone -c \"update public.project set id='${dc_services_project_id}' where name='services'\"",
|
||||
|
|
|
|||
|
|
@ -137,3 +137,28 @@ class platform::dcmanager::runtime {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
class platform::dcmanager::bootstrap (
|
||||
$dc_dcmanager_user_id = undef,
|
||||
) {
|
||||
|
||||
# dc_dcmanager_user_id is only defined on subclouds
|
||||
if $dc_dcmanager_user_id {
|
||||
|
||||
class { '::dcmanager::keystone::auth':
|
||||
configure_endpoint => false,
|
||||
}
|
||||
|
||||
exec { 'update keystone dcmanager assignment actor_id to match system controller':
|
||||
command => "psql -d keystone -c \"update public.assignment set actor_id='${dc_dcmanager_user_id}' from public.local_user where\
|
||||
public.assignment.actor_id=public.local_user.user_id and public.local_user.name='dcmanager'\"",
|
||||
user => 'postgres',
|
||||
require => Class['::dcmanager::keystone::auth'],
|
||||
}
|
||||
-> exec { 'update keystone dcmanager user id to match system controller':
|
||||
command => "psql -d keystone -c \"update public.user set id='${dc_dcmanager_user_id}' from public.local_user where\
|
||||
public.user.id=public.local_user.user_id and public.local_user.name='dcmanager'\"",
|
||||
user => 'postgres',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue