x
/
fuel-ccp-nova
Code Issues Proposed changes

Merge "Use keystone_authtoken macros for auth"

This commit is contained in:
Jenkins 2017-02-15 19:59:33 +00:00 committed by Gerrit Code Review
parent 7e61ea00c8 7e14828ef8
commit ca5d3d857b
4 changed files with 28 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
service/files/defaults.yaml
View File

@ -15,6 +15,8 @@ configs:
port:
cont: 8775
secret: "password"
username: nova
password: password
scheduler:
enabled_filters:
- RetryFilter

6
service/files/nova-ironic.conf.j2
View File

@ -12,8 +12,8 @@ api_endpoint = {{ address('ironic-api', ironic.api_port, with_scheme=True) }}/v1
auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
auth_strategy = keystone
auth_plugin = password
project_domain_name = default
user_domain_id = default
project_name = service
project_domain_name = {{ service_account.domain }}
user_domain_name = {{ service_account.domain }}
project_name = {{ service_account.project }}
username = {{ ironic.username }}
password = {{ ironic.password }}

43
service/files/nova.conf.j2
View File

@ -68,12 +68,21 @@ html5proxy_port = {{ nova.spicehtml5proxy.port.cont }}
{% if role_name == "nova-compute-ironic" %}
[ironic]
auth_type = password
auth_url = {{ address("keystone", keystone.public_port, with_scheme=True) }}
project_name = {{ service_account.project }}
username = {{ ironic.username }}
password = {{ ironic.password }}
project_domain_name = {{ service_account.domain }}
user_domain_name = {{ service_account.domain }}
#(TODO) remove these parameters when mitaka support will be dropped
#(TODO) remember to update this once discoverd is replaced by inspector
admin_username = {{ ironic_keystone_user }}
admin_password = {{ ironic_keystone_password }}
admin_url = {{ openstack_auth_url }}
admin_tenant_name = service
api_endpoint = http://{{ address('ironic-api') }}:{{ ironic_api_port }}/v1
admin_username = {{ ironic.username }}
admin_password = {{ ironic.password }}
admin_url = {{ address("keystone", keystone.public_port, with_scheme=True) }}/v2
admin_tenant_name = {{ service_account.project }}
api_endpoint = {{ address('ironic-api', ironic.api_port, with_sceme=True) }}/v1
{% endif %}
[oslo_concurrency]
@ -96,11 +105,11 @@ service_metadata_proxy = true
auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
auth_type = password
project_domain_name = default
user_domain_id = default
project_name = service
username = {{ neutron.db.username }}
password = {{ neutron.db.password }}
project_domain_name = {{ service_account.domain }}
user_domain_name = {{ service_account.domain }}
project_name = {{ service_account.project }}
username = {{ neutron.username }}
password = {{ neutron.password }}
[database]
connection = mysql+pymysql://{{ nova.db.username }}:{{ nova.db.password }}@{{ address(service.database) }}/{{ nova.db.name }}{% if percona.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}
@ -119,19 +128,7 @@ enabled = true
# FIXME
memcache_servers = {{ address('memcached', memcached.port) }}
[keystone_authtoken]
auth_version = v3
auth_uri = {{ address('keystone', keystone.public_port, with_scheme=True) }}/v3
auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}/v3
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ nova.db.username }}
password = {{ nova.db.password }}
# Here we need to pass an array of memcached daemons, for now we just use DNS
#FIXME
memcached_servers = {{ address('memcached', memcached.port) }}
{{ keystone_authtoken.keystone_authtoken(nova.username, nova.password) }}
[libvirt]
virt_type = {{ nova.virt_type }}

7
service/nova-api.yaml
View File

@ -49,15 +49,14 @@ service:
- nova.conf
- name: nova-user-create
type: single
command: openstack user create --project service --password {{ nova.db.password }} {{ nova.db.username }}
command: openstack user create --domain {{ service_account.domain }} --password {{ nova.password }} {{ nova.username }}
dependencies:
- keystone-create-project
- keystone-create-domain
- name: nova-role-add
dependencies:
- nova-user-create
type: single
command: openstack role add --project service --user {{ nova.db.username }} admin
command: openstack role add --domain {{ service_account.domain }} --user {{ nova.username }} admin
- name: nova-service-legacy-create
dependencies:
- keystone