Add code to support novajoin in the undercloud
Novajoin is a new nova metadata micro-service that registers instances created by nova with a FreeIPA server, so that we can take advantage of server/service identities, kerberos credentials, access and sudo controls etc. The included modules will cause the undercloud to be registered with a FreeIPA server, for novajoin to be installed, and for nova on the undercloud to be configured to use novajoin. Change-Id: I2e1c18a0174f70dc6e9c1d402caac574e6c81678 Implements: blueprint novajoin
parent
747f41385e
commit
267d9b1fcb
|
@ -45,6 +45,11 @@ for _, group in undercloud.list_opts():
|
|||
upper_name = opt.name.upper()
|
||||
context[upper_name] = os.environ[upper_name]
|
||||
|
||||
# Mustache conditional logic requires ENABLE_NOVAJOIN to be undefined
|
||||
# when novajoin is not enabled.
|
||||
if context['ENABLE_NOVAJOIN'].lower() == 'false':
|
||||
del context['ENABLE_NOVAJOIN']
|
||||
|
||||
endpoint_context = {}
|
||||
for k, v in os.environ.items():
|
||||
if k.startswith('UNDERCLOUD_ENDPOINT_'):
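Review bot: The test `if context['ENABLE_NOVAJOIN'].lower() == 'false':` removes the key only for the literal string 'false', so any other non-empty value from the environment (for example `0` or `no`) leaves the Mustache section switched on and renders the novajoin hieradata, including the IPA OTP and nova password lines. Presumably the value is always a stringified boolean, but failing closed is cheap here: `if context['ENABLE_NOVAJOIN'].lower() != 'true': del context['ENABLE_NOVAJOIN']`. This is also a natural place to stop with a clear error when novajoin is enabled and `IPA_OTP` is empty, since the option is documented as required in that case. The enclosing loop and the `endpoint_context` block continue outside the hunk.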
|
||||
|
|
|
@ -624,3 +624,8 @@ Service[$needless_services] {
|
|||
enable => false,
|
||||
ensure => stopped,
|
||||
}
|
||||
|
||||
# novajoin install
|
||||
if str2bool(hiera('enable_novajoin', false)) {
|
||||
include ::nova::metadata::novajoin::api
|
||||
}
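Review bot: The comment `# novajoin install` does not say what this block depends on. The hieradata added in the same commit sets `ipaclient::password` and `ipaclient::hostname`, but the block only includes `::nova::metadata::novajoin::api`, so from this hunk it is not visible where the host is enrolled with IPA or whether enrollment is ordered before the novajoin service starts. If the novajoin class pulls the enrollment in itself, a comment such as `# novajoin install; IPA enrollment (ipaclient::*) is applied via <class> and must complete first` would make that dependency explicit for the next reader.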
|
||||
|
|
|
@ -683,6 +683,20 @@ tripleo_install_user: {{TRIPLEO_INSTALL_USER}}
|
|||
tripleo_undercloud_conf_file: {{TRIPLEO_UNDERCLOUD_CONF_FILE}}
|
||||
tripleo_undercloud_password_file: {{TRIPLEO_UNDERCLOUD_PASSWORD_FILE}}
|
||||
|
||||
# Novajoin
|
||||
{{#ENABLE_NOVAJOIN}}
|
||||
nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
|
||||
nova::metadata::novajoin::api::nova_password: {{UNDERCLOUD_NOVA_PASSWORD}}
|
||||
nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
|
||||
ipaclient::password: {{IPA_OTP}}
|
||||
ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
|
||||
enable_novajoin: true
|
||||
nova::api::vendordata_jsonfile_path: '/etc/nova/cloud-config-novajoin.json'
|
||||
nova::api::vendordata_providers: ['StaticJSON', 'DynamicJSON']
|
||||
nova::api::vendordata_dynamic_targets: ['join@http://127.0.0.1:9999/v1/']
|
||||
nova::notification_topics: 'notifications'
|
||||
nova::notify_on_state_change: 'vm_state'
|
||||
{{/ENABLE_NOVAJOIN}}
|
||||
|
||||
# Firewall
|
||||
tripleo::firewall::manage_firewall: true
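Review bot: The secrets at `ipaclient::password: {{IPA_OTP}}` and `nova::metadata::novajoin::api::nova_password: {{UNDERCLOUD_NOVA_PASSWORD}}` are rendered as unquoted YAML scalars, so an all-digit OTP is read back as an integer, a value containing `#` or `: ` is truncated or fails to parse, and an empty OTP becomes null. Quoting them, e.g. `ipaclient::password: "{{IPA_OTP}}"`, covers the common cases; validating the OTP character set before rendering would cover quotes and backslashes as well. The `transport_url` line interpolates the RabbitMQ password into a URL without percent-encoding, so an `@`, `/` or `:` in the password changes how the URL is parsed. Since the rendered file now holds the enrollment OTP next to the service passwords in clear text, it is worth confirming it is written with root-only permissions (not visible in this hunk).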
|
||||
|
|
|
@ -313,6 +313,17 @@ _opts = [
|
|||
'removed in future release. Please consider moving to '
|
||||
'gnocchi/Aodh/Panko API instead.')
|
||||
),
|
||||
cfg.BoolOpt('enable_novajoin',
|
||||
default=False,
|
||||
help=('Whether to install novajoin metadata service in '
|
||||
'the Undercloud.')
|
||||
),
|
||||
cfg.StrOpt('ipa_otp',
|
||||
default='',
|
||||
help=('One Time Password to register Undercloud node with '
|
||||
'an IPA server. '
|
||||
'Required when enable_novajoin = True.')
|
||||
),
|
||||
cfg.BoolOpt('ipxe_enabled',
|
||||
default=True,
|
||||
help=('Whether to use iPXE for deploy and inspection.'),
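Review bot: `ipa_otp` is an enrollment credential but is declared as a plain `cfg.StrOpt`, so oslo.config will print its value wherever option values are logged; adding `secret=True` to the option masks it in that output. The help text says it is required when enable_novajoin = True, yet the default is `''` and nothing in this hunk enforces the requirement. A validation step that rejects an empty `ipa_otp` when `enable_novajoin` is set would turn a late enrollment failure into an early, clear error. The `_opts` list starts and ends outside the hunk.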
|
||||
|
|
|
@ -146,7 +146,7 @@
|
|||
# Whether to install Zaqar services in the Undercloud. (boolean value)
|
||||
#enable_zaqar = true
|
||||
|
||||
# Whether to install Telemetry services (ceilometer, aodh, gnocchi) in the
|
||||
# Whether to install Telemetry services (ceilometer, aodh) in the
|
||||
# Undercloud. (boolean value)
|
||||
#enable_telemetry = true
|
||||
|
||||
|
@ -161,10 +161,20 @@
|
|||
# from remote volumes. (boolean value)
|
||||
#enable_cinder = false
|
||||
|
||||
# Whether to enable legacy ceilometer api service in the
|
||||
# Undercloud. (boolean value)
|
||||
# Whether to enable legacy ceilometer api in the Undercloud. Note:
|
||||
# Ceilometer API has been deprecated and will be removed in future
|
||||
# release. Please consider moving to gnocchi/Aodh/Panko API instead.
|
||||
# (boolean value)
|
||||
#enable_legacy_ceilometer_api = true
|
||||
|
||||
# Whether to install novajoin metadata service in the Undercloud.
|
||||
# (boolean value)
|
||||
#enable_novajoin = false
|
||||
|
||||
# One Time Password to register Undercloud node with an IPA server.
|
||||
# Required when enable_novajoin = True. (string value)
|
||||
#ipa_otp =
|
||||
|
||||
# Whether to use iPXE for deploy and inspection. (boolean value)
|
||||
# Deprecated group/name - [DEFAULT]/ipxe_deploy
|
||||
#ipxe_enabled = true
|
||||
|
|