diff --git a/packstack/plugins/neutron_350.py b/packstack/plugins/neutron_350.py index db22da6c1..d8673d9f9 100644 --- a/packstack/plugins/neutron_350.py +++ b/packstack/plugins/neutron_350.py @@ -828,12 +828,14 @@ def create_manifests(config, messages): str.strip, config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(',') ) - cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" % host) + cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" % + host.replace('.', '_')) for subnet in tunnel_subnets: tunnel_fw_details(config, host, subnet, fw_details) config[cf_fw_nt_key] = fw_details else: - cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" % host) + cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" % + host.replace('.', '_')) for n_host in network_hosts | compute_hosts: if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']: if config['CONFIG_USE_SUBNETS'] == 'y': diff --git a/packstack/plugins/nova_300.py b/packstack/plugins/nova_300.py index 06e9aadf5..5904e714a 100644 --- a/packstack/plugins/nova_300.py +++ b/packstack/plugins/nova_300.py @@ -374,7 +374,8 @@ def create_compute_manifest(config, messages): for host in compute_hosts: fw_details = dict() - cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host + cf_fw_qemu_mig_key = ("FIREWALL_NOVA_QEMU_MIG_RULES_%s" % + host.replace('.', '_')) for c_host in compute_hosts: key = "nova_qemu_migration_%s_%s" % (host, c_host) fw_details.setdefault(key, {}) diff --git a/packstack/puppet/modules/packstack/manifests/ceilometer.pp b/packstack/puppet/modules/packstack/manifests/ceilometer.pp index bd41c42f8..0f5dae2dd 100644 --- a/packstack/puppet/modules/packstack/manifests/ceilometer.pp +++ b/packstack/puppet/modules/packstack/manifests/ceilometer.pp @@ -54,8 +54,8 @@ class packstack::ceilometer () } class { '::ceilometer::keystone::authtoken': - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), - auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), - password => hiera('CONFIG_CEILOMETER_KS_PW'), + www_authenticate_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + password => hiera('CONFIG_CEILOMETER_KS_PW'), } } diff --git a/packstack/puppet/modules/packstack/manifests/cinder.pp b/packstack/puppet/modules/packstack/manifests/cinder.pp index 0445b477c..b660fdf36 100644 --- a/packstack/puppet/modules/packstack/manifests/cinder.pp +++ b/packstack/puppet/modules/packstack/manifests/cinder.pp @@ -26,9 +26,9 @@ class packstack::cinder () } class { '::cinder::keystone::authtoken': - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), - auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), - password => hiera('CONFIG_CINDER_KS_PW'), + www_authenticate_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), + auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + password => hiera('CONFIG_CINDER_KS_PW'), } class { '::cinder::api': diff --git a/packstack/puppet/modules/packstack/manifests/glance.pp b/packstack/puppet/modules/packstack/manifests/glance.pp index c5c15e85b..93b076471 100644 --- a/packstack/puppet/modules/packstack/manifests/glance.pp +++ b/packstack/puppet/modules/packstack/manifests/glance.pp @@ -24,9 +24,9 @@ class packstack::glance () } class { '::glance::api::authtoken': - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), - auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), - password => hiera('CONFIG_GLANCE_KS_PW'), + www_authenticate_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + password => hiera('CONFIG_GLANCE_KS_PW'), } class { '::glance::api::logging': @@ -45,9 +45,9 @@ class packstack::glance () } class { '::glance::registry::authtoken': - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), - auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), - password => hiera('CONFIG_GLANCE_KS_PW'), + www_authenticate_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + password => hiera('CONFIG_GLANCE_KS_PW'), } class { '::glance::registry': diff --git a/packstack/puppet/modules/packstack/manifests/gnocchi.pp b/packstack/puppet/modules/packstack/manifests/gnocchi.pp index b3f9c41c6..b55fcd8d9 100644 --- a/packstack/puppet/modules/packstack/manifests/gnocchi.pp +++ b/packstack/puppet/modules/packstack/manifests/gnocchi.pp @@ -15,10 +15,10 @@ class packstack::gnocchi () } class { '::gnocchi::keystone::authtoken': - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), - auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), - auth_version => hiera('CONFIG_KEYSTONE_API_VERSION'), - password => hiera('CONFIG_GNOCCHI_KS_PW') + www_authenticate_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + auth_version => hiera('CONFIG_KEYSTONE_API_VERSION'), + password => hiera('CONFIG_GNOCCHI_KS_PW') } class { '::gnocchi::api': diff --git a/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp index c1810e503..1a6ec6e0c 100644 --- a/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp +++ b/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp @@ -29,9 +29,9 @@ class packstack::heat::rabbitmq () } class { '::heat::keystone::authtoken': - password => hiera('CONFIG_HEAT_KS_PW'), - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), - auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + password => hiera('CONFIG_HEAT_KS_PW'), + www_authenticate_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), } class { '::heat::logging': diff --git a/packstack/puppet/modules/packstack/manifests/ironic.pp b/packstack/puppet/modules/packstack/manifests/ironic.pp index 14da06b9d..4809ed59c 100644 --- a/packstack/puppet/modules/packstack/manifests/ironic.pp +++ b/packstack/puppet/modules/packstack/manifests/ironic.pp @@ -7,8 +7,8 @@ class packstack::ironic () } class { '::ironic::api::authtoken': - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), - password => hiera('CONFIG_IRONIC_KS_PW'), + www_authenticate_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + password => hiera('CONFIG_IRONIC_KS_PW'), } class { '::ironic::api': } diff --git a/packstack/puppet/modules/packstack/manifests/manila.pp b/packstack/puppet/modules/packstack/manifests/manila.pp index e6c0c2f23..7be68c15f 100644 --- a/packstack/puppet/modules/packstack/manifests/manila.pp +++ b/packstack/puppet/modules/packstack/manifests/manila.pp @@ -13,8 +13,8 @@ class packstack::manila () } class { '::manila::keystone::authtoken': - password => hiera('CONFIG_MANILA_KS_PW'), - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + password => hiera('CONFIG_MANILA_KS_PW'), + www_authenticate_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), } class { '::manila::api': diff --git a/packstack/puppet/modules/packstack/manifests/neutron/api.pp b/packstack/puppet/modules/packstack/manifests/neutron/api.pp index 538a619ff..8b7b658e6 100644 --- a/packstack/puppet/modules/packstack/manifests/neutron/api.pp +++ b/packstack/puppet/modules/packstack/manifests/neutron/api.pp @@ -13,11 +13,11 @@ class packstack::neutron::api () $neutron_lbaas_enabled = str2bool(hiera('CONFIG_LBAAS_INSTALL')) class { '::neutron::keystone::authtoken': - username => 'neutron', - password => $neutron_user_password, - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), - auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), - project_name => 'services', + username => 'neutron', + password => $neutron_user_password, + www_authenticate_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), + auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + project_name => 'services', } class { '::neutron::server': diff --git a/packstack/puppet/modules/packstack/manifests/neutron/ovn_agent.pp b/packstack/puppet/modules/packstack/manifests/neutron/ovn_agent.pp index 85a061dd0..8b3eb7801 100644 --- a/packstack/puppet/modules/packstack/manifests/neutron/ovn_agent.pp +++ b/packstack/puppet/modules/packstack/manifests/neutron/ovn_agent.pp @@ -1,7 +1,8 @@ class packstack::neutron::ovn_agent () { $my_ip = choose_my_ip(hiera('HOST_LIST')) - $neutron_tunnel_rule_name = "FIREWALL_NEUTRON_TUNNEL_RULES_${my_ip}" + $my_ip_without_dot = regsubst($my_ip, '\.', '_', 'G') + $neutron_tunnel_rule_name = "FIREWALL_NEUTRON_TUNNEL_RULES_${my_ip_without_dot}" create_resources(packstack::firewall, hiera($neutron_tunnel_rule_name, {})) $neutron_ovn_tunnel_if = hiera('CONFIG_NEUTRON_OVN_TUNNEL_IF', undef) diff --git a/packstack/puppet/modules/packstack/manifests/neutron/ovs_agent.pp b/packstack/puppet/modules/packstack/manifests/neutron/ovs_agent.pp index afa1b5b2e..c089a80d1 100644 --- a/packstack/puppet/modules/packstack/manifests/neutron/ovs_agent.pp +++ b/packstack/puppet/modules/packstack/manifests/neutron/ovs_agent.pp @@ -1,7 +1,8 @@ class packstack::neutron::ovs_agent () { $my_ip = choose_my_ip(hiera('HOST_LIST')) - $neutron_tunnel_rule_name = "FIREWALL_NEUTRON_TUNNEL_RULES_${my_ip}" + $my_ip_without_dot = regsubst($my_ip, '\.', '_', 'G') + $neutron_tunnel_rule_name = "FIREWALL_NEUTRON_TUNNEL_RULES_${my_ip_without_dot}" create_resources(packstack::firewall, hiera($neutron_tunnel_rule_name, {})) $neutron_ovs_tunnel_if = hiera('CONFIG_NEUTRON_OVS_TUNNEL_IF', undef) diff --git a/packstack/puppet/modules/packstack/manifests/nova/api.pp b/packstack/puppet/modules/packstack/manifests/nova/api.pp index 46ab71e8c..ef44fb437 100644 --- a/packstack/puppet/modules/packstack/manifests/nova/api.pp +++ b/packstack/puppet/modules/packstack/manifests/nova/api.pp @@ -8,13 +8,13 @@ class packstack::nova::api () # TO-DO(mmagr): Add IPv6 support when hostnames are used } - $auth_uri = hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS') + $www_authenticate_uri = hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS') $admin_password = hiera('CONFIG_NOVA_KS_PW') class {'::nova::keystone::authtoken': - password => $admin_password, - auth_uri => $auth_uri, - auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + password => $admin_password, + www_authenticate_uri => $www_authenticate_uri, + auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), } if hiera('CONFIG_NOVA_PCI_ALIAS') == '' { @@ -55,7 +55,7 @@ class packstack::nova::api () } class { '::nova::placement': - auth_url => $auth_uri, + auth_url => $www_authenticate_uri, password => $admin_password, region_name => hiera('CONFIG_KEYSTONE_REGION'), } diff --git a/packstack/puppet/modules/packstack/manifests/nova/compute.pp b/packstack/puppet/modules/packstack/manifests/nova/compute.pp index c83407647..0ffd42209 100644 --- a/packstack/puppet/modules/packstack/manifests/nova/compute.pp +++ b/packstack/puppet/modules/packstack/manifests/nova/compute.pp @@ -1,7 +1,8 @@ class packstack::nova::compute () { $my_ip = choose_my_ip(hiera('HOST_LIST')) - $qemu_rule_name = "FIREWALL_NOVA_QEMU_MIG_RULES_${my_ip}" + $my_ip_without_dot = regsubst($my_ip, '\.', '_', 'G') + $qemu_rule_name = "FIREWALL_NOVA_QEMU_MIG_RULES_${my_ip_without_dot}" create_resources(packstack::firewall, hiera($qemu_rule_name, {})) create_resources(packstack::firewall, hiera('FIREWALL_NOVA_COMPUTE_RULES', {})) diff --git a/packstack/puppet/modules/packstack/manifests/panko.pp b/packstack/puppet/modules/packstack/manifests/panko.pp index 2f1fc35fc..d4ca9a3dd 100644 --- a/packstack/puppet/modules/packstack/manifests/panko.pp +++ b/packstack/puppet/modules/packstack/manifests/panko.pp @@ -23,10 +23,10 @@ class packstack::panko () } class { '::panko::keystone::authtoken': - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), - auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), - auth_version => hiera('CONFIG_KEYSTONE_API_VERSION'), - password => hiera('CONFIG_PANKO_KS_PW') + www_authenticate_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + auth_version => hiera('CONFIG_KEYSTONE_API_VERSION'), + password => hiera('CONFIG_PANKO_KS_PW') } class { '::panko::api': diff --git a/packstack/puppet/modules/packstack/manifests/provision/bridge.pp b/packstack/puppet/modules/packstack/manifests/provision/bridge.pp index 59fb2d453..dd8c71b9f 100644 --- a/packstack/puppet/modules/packstack/manifests/provision/bridge.pp +++ b/packstack/puppet/modules/packstack/manifests/provision/bridge.pp @@ -15,11 +15,11 @@ class packstack::provision::bridge () } class { '::neutron::keystone::authtoken': - username => 'neutron', - password => $neutron_user_password, - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), - auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), - project_name => 'services', + username => 'neutron', + password => $neutron_user_password, + www_authenticate_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), + auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + project_name => 'services', } if $provision_neutron_br and $setup_ovs_bridge { diff --git a/packstack/puppet/modules/packstack/manifests/sahara/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/sahara/rabbitmq.pp index 751c19b8e..b696ec3b8 100644 --- a/packstack/puppet/modules/packstack/manifests/sahara/rabbitmq.pp +++ b/packstack/puppet/modules/packstack/manifests/sahara/rabbitmq.pp @@ -23,6 +23,14 @@ class packstack::sahara::rabbitmq () File[$files_to_set_owner] ~> Service<| tag == 'sahara-service' |> } + class { '::sahara::keystone::authtoken': + username => 'sahara', + password => hiera('CONFIG_SAHARA_KS_PW'), + project_name => 'services', + www_authenticate_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + } + class { '::sahara::logging': debug => hiera('CONFIG_DEBUG_MODE'), } @@ -30,11 +38,6 @@ class packstack::sahara::rabbitmq () class { '::sahara': database_connection => "mysql+pymysql://sahara:${sahara_cfg_sahara_db_pw}@${sahara_cfg_sahara_mariadb_host}/sahara", - admin_user => 'sahara', - admin_password => hiera('CONFIG_SAHARA_KS_PW'), - admin_tenant_name => 'services', - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), - identity_uri => hiera('CONFIG_KEYSTONE_ADMIN_URL'), use_neutron => ($sahara_cfg_config_neutron_install == 'y'), host => hiera('CONFIG_SAHARA_HOST'), rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'),