Fix to read correct options of keystone_authtoken
Reading the correct option names from keystone_authtoken group for authentication. Change-Id: If3d05592b67f9e75f34f14864e564084c991b9e7 Closes-Bug: 1678732
This commit is contained in:
parent
9e42e6958a
commit
8cdf47d158
@ -433,9 +433,9 @@ function copy_nfp_files_and_start_process {
|
||||
|
||||
source $DEVSTACK_DIR/inc/ini-config
|
||||
|
||||
admin_user=`iniget $NEUTRON_CONF keystone_authtoken admin_user`
|
||||
admin_password=`iniget $NEUTRON_CONF keystone_authtoken admin_password`
|
||||
admin_tenant_name=`iniget $NEUTRON_CONF keystone_authtoken admin_tenant_name`
|
||||
admin_user=`iniget $NEUTRON_CONF keystone_authtoken username`
|
||||
admin_password=`iniget $NEUTRON_CONF keystone_authtoken password`
|
||||
admin_tenant_name=`iniget $NEUTRON_CONF keystone_authtoken project_name`
|
||||
auth_uri=`iniget $NEUTRON_CONF keystone_authtoken auth_uri`
|
||||
auth_protocol=$(echo $auth_uri | tr ':/' ' ' | awk '{print $1}')
|
||||
auth_host=$(echo $auth_uri | tr ':/' ' ' | awk '{print $2}')
|
||||
|
@ -29,9 +29,9 @@ function gbp_configure_neutron {
|
||||
|
||||
function nfp_configure_neutron {
|
||||
NEUTRON_ML2_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"
|
||||
iniset $NEUTRON_CONF keystone_authtoken admin_tenant_name "service"
|
||||
iniset $NEUTRON_CONF keystone_authtoken admin_user "neutron"
|
||||
iniset $NEUTRON_CONF keystone_authtoken admin_password $ADMIN_PASSWORD
|
||||
iniset $NEUTRON_CONF keystone_authtoken project_name "service"
|
||||
iniset $NEUTRON_CONF keystone_authtoken username "neutron"
|
||||
iniset $NEUTRON_CONF keystone_authtoken password $ADMIN_PASSWORD
|
||||
iniset $NEUTRON_CONF node_composition_plugin node_plumber "admin_owned_resources_apic_plumber"
|
||||
iniset $NEUTRON_CONF node_composition_plugin node_drivers "nfp_node_driver"
|
||||
iniset $NEUTRON_CONF admin_owned_resources_apic_tscp plumbing_resource_owner_user "neutron"
|
||||
@ -40,7 +40,7 @@ function nfp_configure_neutron {
|
||||
if [[ $EXT_NET_GATEWAY && $EXT_NET_ALLOCATION_POOL_START && $EXT_NET_ALLOCATION_POOL_END && $EXT_NET_CIDR ]]; then
|
||||
iniset $NEUTRON_CONF group_policy_implicit_policy default_external_segment_name "default"
|
||||
fi
|
||||
iniset $NEUTRON_CONF nfp_node_driver is_service_admin_owned "True"
|
||||
iniset $NEUTRON_CONF nfp_node_driver is_service_admin_owned "False"
|
||||
iniset $NEUTRON_CONF nfp_node_driver svc_management_ptg_name "svc_management_ptg"
|
||||
extn_drivers=$(iniget $NEUTRON_ML2_CONF ml2 extension_drivers)
|
||||
if [[ -n $extn_drivers ]];then
|
||||
|
@ -65,9 +65,9 @@ class DictClass(dict):
|
||||
|
||||
def get_keystone_creds():
|
||||
keystone_conf = cfg.CONF.keystone_authtoken
|
||||
user = keystone_conf.admin_user
|
||||
pw = keystone_conf.admin_password
|
||||
tenant = keystone_conf.admin_tenant_name
|
||||
user = keystone_conf.username
|
||||
pw = keystone_conf.password
|
||||
tenant = keystone_conf.project_name
|
||||
if keystone_conf.get('auth_uri'):
|
||||
auth_url = keystone_conf.auth_uri.rstrip('/')
|
||||
if not auth_url.endswith('/v2.0'):
|
||||
|
@ -78,9 +78,9 @@ def check_if_apic_sys():
|
||||
def set_keystone_authtoken_section():
|
||||
global NEUTRON_CONF
|
||||
nfp_conf = '/etc/nfp.ini'
|
||||
admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_user")
|
||||
admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_password")
|
||||
admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken admin_tenant_name")
|
||||
admin_user = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken username")
|
||||
admin_password = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken password")
|
||||
admin_tenant_name = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken project_name")
|
||||
auth_uri = commands.getoutput("crudini --get " + NEUTRON_CONF + " keystone_authtoken auth_uri")
|
||||
auth_protocol = commands.getoutput("echo " + auth_uri + " | cut -d':' -f1")
|
||||
auth_host = commands.getoutput("echo " + auth_uri + " | cut -d'/' -f3 | cut -d':' -f1")
|
||||
@ -171,14 +171,14 @@ def configure_nfp():
|
||||
|
||||
# Configure service owner
|
||||
subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_user neutron".split(' '))
|
||||
admin_password = commands.getoutput("crudini --get /etc/neutron/neutron.conf keystone_authtoken admin_password")
|
||||
admin_password = commands.getoutput("crudini --get /etc/neutron/neutron.conf keystone_authtoken password")
|
||||
subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_password".split(' ') + [admin_password])
|
||||
subprocess.call("crudini --set /etc/neutron/neutron.conf admin_owned_resources_apic_tscp plumbing_resource_owner_tenant_name services".split(' '))
|
||||
|
||||
# Configure NFP drivers
|
||||
subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_plumber admin_owned_resources_apic_plumber".split(' '))
|
||||
subprocess.call("crudini --set /etc/neutron/neutron.conf node_composition_plugin node_drivers nfp_node_driver".split(' '))
|
||||
subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver is_service_admin_owned True".split(' '))
|
||||
subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver is_service_admin_owned False".split(' '))
|
||||
subprocess.call("crudini --set /etc/neutron/neutron.conf nfp_node_driver svc_management_ptg_name svc_management_ptg".split(' '))
|
||||
|
||||
# Enable ML2 port security
|
||||
@ -641,9 +641,9 @@ def create_proxy_agent_ctl():
|
||||
def get_openstack_creds():
|
||||
CONFIG.read(NEUTRON_CONF)
|
||||
AUTH_URI = CONFIG.get('keystone_authtoken', 'auth_uri')
|
||||
AUTH_USER = CONFIG.get('keystone_authtoken', 'admin_user')
|
||||
AUTH_PASSWORD = CONFIG.get('keystone_authtoken', 'admin_password')
|
||||
AUTH_TENANT_NAME = CONFIG.get('keystone_authtoken', 'admin_tenant_name')
|
||||
AUTH_USER = CONFIG.get('keystone_authtoken', 'username')
|
||||
AUTH_PASSWORD = CONFIG.get('keystone_authtoken', 'password')
|
||||
AUTH_TENANT_NAME = CONFIG.get('keystone_authtoken', 'project_name')
|
||||
os.environ["OS_USERNAME"] = AUTH_USER
|
||||
os.environ["OS_TENANT_NAME"] = AUTH_TENANT_NAME
|
||||
os.environ["OS_PASSWORD"] = AUTH_PASSWORD
|
||||
|
@ -88,7 +88,10 @@ class ChainMappingDriver(api.PolicyDriver, local_api.LocalAPI,
|
||||
|
||||
@staticmethod
|
||||
def chain_tenant_id(reraise=False):
|
||||
keystone = ChainMappingDriver.chain_tenant_keystone_client()
|
||||
try:
|
||||
keystone = ChainMappingDriver.chain_tenant_keystone_client()
|
||||
except cfg.NoSuchOptError:
|
||||
return None
|
||||
if keystone:
|
||||
tenant = cfg.CONF.chain_mapping.chain_owner_tenant_name
|
||||
try:
|
||||
@ -655,6 +658,8 @@ class ChainMappingDriver(api.PolicyDriver, local_api.LocalAPI,
|
||||
ctx.session, servicechain_instance_id=instance_id)
|
||||
if cmap:
|
||||
ctx.tenant_id = cmap[0].tenant_id
|
||||
if not self.chain_owner:
|
||||
self.chain_owner = ChainMappingDriver.chain_tenant_id(reraise=True)
|
||||
if not ctx.tenant_id:
|
||||
ctx.tenant_id = tenant_id or self.chain_owner or provider_tenant_id
|
||||
if self.chain_owner == ctx.tenant_id:
|
||||
|
@ -108,6 +108,25 @@ class ResourceMappingTestCase(test_plugin.GroupPolicyPluginTestCase):
|
||||
self.saved_keystone_client = resource_mapping.k_client.Client
|
||||
resource_mapping.k_client.Client = mock.Mock()
|
||||
|
||||
try:
|
||||
config.cfg.CONF.keystone_authtoken.username
|
||||
except config.cfg.NoSuchOptError:
|
||||
config.cfg.CONF.register_opt(
|
||||
config.cfg.StrOpt('username'),
|
||||
'keystone_authtoken')
|
||||
try:
|
||||
config.cfg.CONF.keystone_authtoken.password
|
||||
except config.cfg.NoSuchOptError:
|
||||
config.cfg.CONF.register_opt(
|
||||
config.cfg.StrOpt('password'),
|
||||
'keystone_authtoken')
|
||||
try:
|
||||
config.cfg.CONF.keystone_authtoken.project_name
|
||||
except config.cfg.NoSuchOptError:
|
||||
config.cfg.CONF.register_opt(
|
||||
config.cfg.StrOpt('project_name'),
|
||||
'keystone_authtoken')
|
||||
|
||||
def tearDown(self):
|
||||
resource_mapping.k_client.Client = self.saved_keystone_client
|
||||
super(ResourceMappingTestCase, self).tearDown()
|
||||
@ -2418,11 +2437,11 @@ class TestServiceChain(ResourceMappingTestCase):
|
||||
self.assertEqual(sc_instance['classifier_id'], classifier_id)
|
||||
|
||||
def _override_keystone_creds(self, usr, pwd, tenant, uri):
|
||||
config.cfg.CONF.set_override('admin_user', usr,
|
||||
config.cfg.CONF.set_override('username', usr,
|
||||
group='keystone_authtoken')
|
||||
config.cfg.CONF.set_override('admin_password', pwd,
|
||||
config.cfg.CONF.set_override('password', pwd,
|
||||
group='keystone_authtoken')
|
||||
config.cfg.CONF.set_override('admin_tenant_name', tenant,
|
||||
config.cfg.CONF.set_override('project_name', tenant,
|
||||
group='keystone_authtoken')
|
||||
config.cfg.CONF.set_override('auth_uri', uri,
|
||||
group='keystone_authtoken')
|
||||
|
@ -27,12 +27,33 @@ class AdminOwnedResourcesTscpTestCase(
|
||||
password = 'password'
|
||||
tenant_name = 'tenant_name',
|
||||
uri = 'http://127.0.0.1:35357/v2.0/'
|
||||
config.cfg.CONF.set_override('admin_user', user,
|
||||
group='keystone_authtoken')
|
||||
config.cfg.CONF.set_override('admin_password', password,
|
||||
group='keystone_authtoken')
|
||||
config.cfg.CONF.set_override('admin_tenant_name', tenant_name,
|
||||
group='keystone_authtoken')
|
||||
try:
|
||||
config.cfg.CONF.keystone_authtoken.username
|
||||
except config.cfg.NoSuchOptError:
|
||||
config.cfg.CONF.register_opt(
|
||||
config.cfg.StrOpt('username', default=user),
|
||||
'keystone_authtoken')
|
||||
else:
|
||||
config.cfg.CONF.set_override('username', user,
|
||||
group='keystone_authtoken')
|
||||
try:
|
||||
config.cfg.CONF.keystone_authtoken.password
|
||||
except config.cfg.NoSuchOptError:
|
||||
config.cfg.CONF.register_opt(
|
||||
config.cfg.StrOpt('password', default=password),
|
||||
'keystone_authtoken')
|
||||
else:
|
||||
config.cfg.CONF.set_override('password', password,
|
||||
group='keystone_authtoken')
|
||||
try:
|
||||
config.cfg.CONF.keystone_authtoken.project_name
|
||||
except config.cfg.NoSuchOptError:
|
||||
config.cfg.CONF.register_opt(
|
||||
config.cfg.StrOpt('project_name', default=tenant_name),
|
||||
'keystone_authtoken')
|
||||
else:
|
||||
config.cfg.CONF.set_override('project_name', tenant_name,
|
||||
group='keystone_authtoken')
|
||||
config.cfg.CONF.set_override('auth_uri', uri,
|
||||
group='keystone_authtoken')
|
||||
super(AdminOwnedResourcesTscpTestCase, self).setUp(
|
||||
|
@ -85,9 +85,9 @@ allow_duplicate_networks = True
|
||||
|
||||
[[post-config|/etc/neutron/neutron.conf]]
|
||||
[keystone_authtoken]
|
||||
admin_tenant_name = service
|
||||
admin_user = neutron
|
||||
admin_password = abc123
|
||||
project_name = service
|
||||
username = neutron
|
||||
password = abc123
|
||||
|
||||
[group_policy]
|
||||
policy_drivers=implicit_policy,resource_mapping,chain_mapping
|
||||
@ -112,7 +112,7 @@ default_proxy_ip_pool = 192.169.0.0/16
|
||||
default_external_segment_name = default
|
||||
|
||||
[nfp_node_driver]
|
||||
is_service_admin_owned = True
|
||||
is_service_admin_owned = False
|
||||
svc_management_ptg_name = svc_management_ptg
|
||||
|
||||
[quotas]
|
||||
|
@ -199,9 +199,9 @@ function copy_nfp_files_and_start_process {
|
||||
|
||||
source $TOP_DIR/inc/ini-config
|
||||
|
||||
admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_user`
|
||||
admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_password`
|
||||
admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name`
|
||||
admin_user=`iniget /etc/neutron/neutron.conf keystone_authtoken username`
|
||||
admin_password=`iniget /etc/neutron/neutron.conf keystone_authtoken password`
|
||||
admin_tenant_name=`iniget /etc/neutron/neutron.conf keystone_authtoken project_name`
|
||||
auth_uri=`iniget /etc/neutron/neutron.conf keystone_authtoken auth_uri`
|
||||
auth_protocol=$(echo $auth_uri | tr ':/' ' ' | awk '{print $1}')
|
||||
auth_host=$(echo $auth_uri | tr ':/' ' ' | awk '{print $2}')
|
||||
|
Loading…
Reference in New Issue
Block a user