Configure dcmanager user for endpoint_cache

The following changes are made, in order to remove the dependencies to 'admin' user and use 'dcmanager' user to authenticate with services in the subclouds: . Add endpoint_cache section to both dcorch and dcmanager . Configure dcmanager user in the endpoint_cache section . Add dcmanager bootstrap class to configure the dcmanager user on subclouds Partial-Bug: 1883758 Change-Id: I790592f44d371051c157443836f71e3f00640ab5 Signed-off-by: Tao Liu <tao.liu@windriver.com>
2020-06-16 14:47:24 -04:00
parent 25542c338d
commit c359018050
6 changed files with 56 additions and 4 deletions
--- a/modules/puppet-dcorch/src/dcorch/manifests/api_proxy.pp
+++ b/modules/puppet-dcorch/src/dcorch/manifests/api_proxy.pp
@@ -81,6 +81,7 @@
 class dcorch::api_proxy (
  $keystone_password,
  $keystone_admin_password,
+  $dcmanager_keystone_password,
  $keystone_admin_user        = 'admin',
  $keystone_admin_tenant      = 'admin',
  $keystone_enabled           = true,
@@ -95,6 +96,8 @@ class dcorch::api_proxy (
  $keystone_identity_uri      = false,
  $keystone_user_domain       = 'Default',
  $keystone_project_domain    = 'Default',
+  $keystone_http_connect_timeout = '10',
+  $dcmanager_keystone_user    = 'dcmanager',
  $auth_type                  = 'password',
  $service_port               = '5000',
  $package_ensure             = 'latest',
@@ -122,6 +125,7 @@ class dcorch::api_proxy (
  if $keystone_identity_uri {
    dcorch_config { 'keystone_authtoken/auth_url': value => $keystone_identity_uri; }
    dcorch_config { 'cache/auth_uri': value => "${keystone_identity_uri}/v3"; }
+    dcorch_config { 'endpoint_cache/auth_uri': value => "${keystone_identity_uri}/v3"; }
  } else {
    dcorch_config { 'keystone_authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/"; }
  }
@@ -157,6 +161,15 @@ class dcorch::api_proxy (
      'cache/admin_username':     value => $keystone_admin_user;
      'cache/admin_password':     value => $keystone_admin_password, secret=> true;
    }
+    dcorch_config {
+      'endpoint_cache/auth_plugin':  value => $auth_type;
+      'endpoint_cache/username':     value => $dcmanager_keystone_user;
+      'endpoint_cache/password':     value => $dcmanager_keystone_password, secret=> true;
+      'endpoint_cache/project_name': value => $keystone_tenant;
+      'endpoint_cache/user_domain_name':     value => $keystone_user_domain;
+      'endpoint_cache/project_domain_name':  value => $keystone_project_domain;
+      'endpoint_cache/http_connect_timeout': value => $keystone_http_connect_timeout;
+    }

    if $keystone_auth_admin_prefix {
      validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$')