[apic-mapping] Use keystone client v3
Changes in this patch switch the apic_mapping policy driver to use keystone client v3. The usage is made consistent with how the aim_mapping driver uses the client. The following cofiguration section will now need to be added to the neutron.conf when using the apic_mapping driver: [apic_aim_auth] password=<admin_password> auth_plugin=v3password user_domain_name=default project_domain_name=default project_name=admin username=admin auth_url=http://<controller-ip-address>:35357/v3 Change-Id: I9ec0b1bcf342614d1c4154170d0666ed33fccad3
This commit is contained in:
parent
803bcf79cc
commit
d612e2a0f9
|
@ -21,10 +21,6 @@ from apic_ml2.neutron.db import port_ha_ipaddress_binding as ha_ip_db
|
|||
from apic_ml2.neutron.plugins.ml2.drivers.cisco.apic import apic_model
|
||||
from apic_ml2.neutron.plugins.ml2.drivers.cisco.apic import config # noqa
|
||||
from apicapi import apic_manager
|
||||
from apicapi import apic_mapper
|
||||
from keystoneclient.auth.identity.generic import password as keypassword
|
||||
from keystoneclient import client as keyclient
|
||||
from keystoneclient import session as keysession
|
||||
from neutron.agent.linux import dhcp
|
||||
from neutron.api.v2 import attributes
|
||||
from neutron.common import constants as n_constants
|
||||
|
@ -56,6 +52,7 @@ from gbpservice._i18n import _LW
|
|||
from gbpservice.neutron.db.grouppolicy.extensions import apic_reuse_bd_db
|
||||
from gbpservice.neutron.db.grouppolicy import group_policy_mapping_db as gpdb
|
||||
from gbpservice.neutron.extensions import group_policy as gpolicy
|
||||
from gbpservice.neutron.plugins.ml2plus.drivers.apic_aim import cache
|
||||
from gbpservice.neutron.services.grouppolicy.common import constants as g_const
|
||||
from gbpservice.neutron.services.grouppolicy.common import exceptions as gpexc
|
||||
from gbpservice.neutron.services.grouppolicy.drivers import (
|
||||
|
@ -300,26 +297,24 @@ class ApicMappingDriver(api.ResourceMappingDriver,
|
|||
'vni_ranges': cfg.CONF.ml2_type_vxlan.vni_ranges,
|
||||
}
|
||||
apic_system_id = cfg.CONF.apic_system_id
|
||||
keyclient_param = keyclient if client else None
|
||||
keystone_authtoken = None
|
||||
session = None
|
||||
keystoneclientv3 = None
|
||||
if client:
|
||||
keystone_authtoken = cfg.CONF.keystone_authtoken
|
||||
pass_params = (
|
||||
apic_mapper.APICNameMapper.get_key_password_params(
|
||||
keystone_authtoken))
|
||||
admin_auth = keypassword.Password(
|
||||
auth_url=pass_params[0],
|
||||
username=pass_params[1], password=pass_params[2],
|
||||
tenant_name=pass_params[3],
|
||||
user_domain_id='Default', project_domain_id='Default')
|
||||
session = keysession.Session(auth=admin_auth)
|
||||
# REVISIT: The following is a bit contrived to
|
||||
# to avoid having to change any code in the
|
||||
# aim drivers. We just want to reuse the
|
||||
# _get_keystone_client() implementation here, but the
|
||||
# original implemenation is not very reusable and hence we
|
||||
# are having to use it in the following way.
|
||||
ncache = cache.ProjectNameCache()
|
||||
ncache._get_keystone_client()
|
||||
keystoneclientv3 = ncache.keystone
|
||||
|
||||
ApicMappingDriver.manager = apic_manager.APICManager(
|
||||
apic_model.ApicDbModel(), logging, network_config, apic_config,
|
||||
keyclient_param, keystone_authtoken, apic_system_id,
|
||||
apic_system_id,
|
||||
default_apic_model=('apic_ml2.neutron.plugins.ml2.drivers.'
|
||||
'cisco.apic.apic_model'),
|
||||
keysession=session)
|
||||
keystoneclientv3=keystoneclientv3)
|
||||
ApicMappingDriver.manager.ensure_infra_created_on_apic()
|
||||
ApicMappingDriver.manager.ensure_bgp_pod_policy_created_on_apic()
|
||||
return ApicMappingDriver.manager
|
||||
|
|
Loading…
Reference in New Issue