summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPanagiotis Karalis <pkaralis@intracom-telecom.com>2018-09-27 18:29:31 +0300
committerPanagiotis Karalis <pkaralis@intracom-telecom.com>2018-10-05 10:37:51 +0300
commitdc536599f80ba29255e744463c0e1e896fd8a206 (patch)
treef422cd89ccad152c646cb43ed1de6d319a439e64
parent8ddb25da3f0c400cfe60c63c9182bc99cb917b9e (diff)
Tacker uses OpenStack Barbican for secret keys
Use the OpenStack Barbican component instead of OpenStack Keystone as secret key handler. The reason behind is the way that Tacker handles the secret keys of complex scenarios (specially the scenarios with HA) and how they are stored or retrieved between different VMs or Blades. Change-Id: I63d40c5239d2585e8bb7ac3b9338252c9e28c4c6 Signed-off-by: Panagiotis Karalis <pkaralis@intracom-telecom.com>
Notes
Notes (review): Code-Review+2: Manuel Buil <mbuil@suse.com> Code-Review+2: Markos Chandras (hwoarang) <mchandras@suse.de> Code-Review+2: Mohammed Naser <mnaser@vexxhost.com> Workflow+1: Mohammed Naser <mnaser@vexxhost.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Fri, 05 Oct 2018 18:37:00 +0000 Reviewed-on: https://review.openstack.org/605784 Project: openstack/openstack-ansible-os_tacker Branch: refs/heads/master
-rw-r--r--defaults/main.yml2
-rw-r--r--templates/tacker.conf.j21
2 files changed, 3 insertions, 0 deletions
diff --git a/defaults/main.yml b/defaults/main.yml
index 29730e6..1e64baa 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -129,6 +129,8 @@ tacker_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(
129tacker_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(tacker_service_proto) }}" 129tacker_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(tacker_service_proto) }}"
130tacker_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(tacker_service_proto) }}" 130tacker_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(tacker_service_proto) }}"
131 131
132## Barbican service
133barbican_keys_backend: false
132 134
133#NOTE: move password to tests/test-vars.yml 135#NOTE: move password to tests/test-vars.yml
134tacker_service_password: password 136tacker_service_password: password
diff --git a/templates/tacker.conf.j2 b/templates/tacker.conf.j2
index 9bc54dc..892b367 100644
--- a/templates/tacker.conf.j2
+++ b/templates/tacker.conf.j2
@@ -103,6 +103,7 @@ mgmt_driver = noop,openwrt
103monitor_driver = ping, http_ping 103monitor_driver = ping, http_ping
104 104
105[vim_keys] 105[vim_keys]
106use_barbican = {{ barbican_keys_backend | bool }}
106openstack = {{ tacker_etc_dir }}/vim/fernet_keys 107openstack = {{ tacker_etc_dir }}/vim/fernet_keys
107 108
108[oslo_messaging_rabbit] 109[oslo_messaging_rabbit]