Don't use admin user for OS services.
Generate special front end user and use it instead of admin. Change-Id: I901da00321d5316215bf10b4627e1dd4c25de6ce
This commit is contained in:
parent
18c7be145d
commit
72b63c4c2f
|
@ -16,10 +16,17 @@ if $scaleio['metadata']['enabled'] {
|
|||
true => $scaleio['gateway_ip'],
|
||||
default => hiera('management_vip')
|
||||
}
|
||||
$password = $scaleio['password']
|
||||
if $scaleio['existing_cluster'] {
|
||||
$client_password = $password
|
||||
} else {
|
||||
$client_password_str = base64('encode', pw_hash($password, 'SHA-512', 'scaleio.client.access'))
|
||||
$client_password = inline_template('Sio-<%= @client_password_str[33..40] %>-<%= @client_password_str[41..48] %>')
|
||||
}
|
||||
class {'::scaleio_openstack::cinder':
|
||||
ensure => present,
|
||||
gateway_user => $::gateway_user,
|
||||
gateway_password => $scaleio['password'],
|
||||
gateway_password => $client_password,
|
||||
gateway_ip => $gateway_ip,
|
||||
gateway_port => $::gateway_port,
|
||||
protection_domains => $scaleio['protection_domain'],
|
||||
|
|
|
@ -319,6 +319,8 @@ if $scaleio['metadata']['enabled'] {
|
|||
} else {
|
||||
$capacity_critical_alert_threshold = undef
|
||||
}
|
||||
$client_password_str = base64('encode', pw_hash($password, 'SHA-512', 'scaleio.client.access'))
|
||||
$client_password = inline_template('Sio-<%= @client_password_str[33..40] %>-<%= @client_password_str[41..48] %>')
|
||||
notify {"Configure cluster MDM: ${master_mdm}": } ->
|
||||
scaleio::login {'Normal':
|
||||
password => $password,
|
||||
|
@ -391,6 +393,7 @@ if $scaleio['metadata']['enabled'] {
|
|||
rfcache_devices => $rfcache_devices,
|
||||
sds_devices_config => $sds_devices_config,
|
||||
require => Protection_domain_ensure[$protection_domain_array],
|
||||
before => Scaleio::Cluster['Create scaleio client user'],
|
||||
}
|
||||
if $capacity_high_alert_threshold and $capacity_critical_alert_threshold {
|
||||
scaleio::cluster {'Configure alerts':
|
||||
|
@ -398,6 +401,7 @@ if $scaleio['metadata']['enabled'] {
|
|||
capacity_high_alert_threshold => $capacity_high_alert_threshold,
|
||||
capacity_critical_alert_threshold => $capacity_critical_alert_threshold,
|
||||
require => Protection_domain_ensure[$protection_domain_array],
|
||||
before => Scaleio::Cluster['Create scaleio client user'],
|
||||
}
|
||||
}
|
||||
# Apply high performance profile to SDC-es
|
||||
|
@ -406,8 +410,14 @@ if $scaleio['metadata']['enabled'] {
|
|||
scaleio::sdc {'Set performance settings for all available SDCs':
|
||||
ip => $sdc_nodes_ips[0],
|
||||
require => Protection_domain_ensure[$protection_domain_array],
|
||||
before => Scaleio::Cluster['Create scaleio client user'],
|
||||
}
|
||||
}
|
||||
scaleio::cluster {'Create scaleio client user':
|
||||
ensure => 'present',
|
||||
client_password => $client_password,
|
||||
require => [Protection_domain_ensure[$protection_domain_array], Sds_ensure[$to_add_sds_names]],
|
||||
}
|
||||
} else {
|
||||
notify {"Not Master MDM IP ${master_mdm}": }
|
||||
}
|
||||
|
@ -426,7 +436,6 @@ if $scaleio['metadata']['enabled'] {
|
|||
match => '^SCALEIO_discovery_allowed=',
|
||||
line => 'SCALEIO_discovery_allowed=no',
|
||||
}
|
||||
|
||||
} else {
|
||||
fail('Empty MDM IPs configuration')
|
||||
}
|
||||
|
|
|
@ -153,10 +153,10 @@ if $scaleio['metadata']['enabled'] {
|
|||
fact => 'ips',
|
||||
value => $ctrl_ips
|
||||
} ->
|
||||
env_fact{'Environment fact: role gateway, user: admin':
|
||||
env_fact{'Environment fact: role gateway, user: scaleio_client':
|
||||
role => 'gateway',
|
||||
fact => 'user',
|
||||
value => 'admin'
|
||||
value => 'scaleio_client'
|
||||
} ->
|
||||
env_fact{'Environment fact: role gateway, port: 4443':
|
||||
role => 'gateway',
|
||||
|
|
|
@ -16,10 +16,17 @@ if $scaleio['metadata']['enabled'] {
|
|||
true => $scaleio['gateway_ip'],
|
||||
default => hiera('management_vip')
|
||||
}
|
||||
$password = $scaleio['password']
|
||||
if $scaleio['existing_cluster'] {
|
||||
$client_password = $password
|
||||
} else {
|
||||
$client_password_str = base64('encode', pw_hash($password, 'SHA-512', 'scaleio.client.access'))
|
||||
$client_password = inline_template('Sio-<%= @client_password_str[33..40] %>-<%= @client_password_str[41..48] %>')
|
||||
}
|
||||
class {'::scaleio_openstack::nova':
|
||||
ensure => present,
|
||||
gateway_user => $::gateway_user,
|
||||
gateway_password => $scaleio['password'],
|
||||
gateway_password => $client_password,
|
||||
gateway_ip => $gateway_ip,
|
||||
gateway_port => $::gateway_port,
|
||||
protection_domains => $scaleio['protection_domain'],
|
||||
|
|
Loading…
Reference in New Issue