From ead85b623fcd36422118ba9efe40a3f5ff07c19b Mon Sep 17 00:00:00 2001
From: David Moreau Simard <dmsimard@redhat.com>
Date: Thu, 22 Mar 2018 17:57:49 -0400
Subject: [PATCH] Add limestone credentials to nodepool's cloud.yaml

This makes the credentials available so nodepool launcher and builder
can use them.
The limestone credentials have been added to hiera for the nodepool
group.

Change-Id: Idb56db19110e6b30f6231869ff278b90caf99f4b
---
 manifests/site.pp                             | 145 +++++++++++-------
 .../templates/nodepool/clouds.yaml.erb        |  19 +++
 2 files changed, 108 insertions(+), 56 deletions(-)

diff --git a/manifests/site.pp b/manifests/site.pp
index e79dc692e8..3ff7485e5e 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -913,35 +913,38 @@ node 'nodepool.openstack.org' {
   $group = 'nodepool'
   # TODO(pabelanger): Move all of this back into nodepool manifest, it has
   # grown too big.
-  $rackspace_username  = hiera('nodepool_rackspace_username', 'username')
-  $rackspace_password  = hiera('nodepool_rackspace_password')
-  $rackspace_project   = hiera('nodepool_rackspace_project', 'project')
-  $hpcloud_username    = hiera('nodepool_hpcloud_username', 'username')
-  $hpcloud_password    = hiera('nodepool_hpcloud_password')
-  $hpcloud_project     = hiera('nodepool_hpcloud_project', 'project')
-  $internap_username   = hiera('nodepool_internap_username', 'username')
-  $internap_password   = hiera('nodepool_internap_password')
-  $internap_project    = hiera('nodepool_internap_project', 'project')
-  $ovh_username        = hiera('nodepool_ovh_username', 'username')
-  $ovh_password        = hiera('nodepool_ovh_password')
-  $ovh_project         = hiera('nodepool_ovh_project', 'project')
-  $tripleo_username    = hiera('nodepool_tripleo_username', 'username')
-  $tripleo_password    = hiera('nodepool_tripleo_password')
-  $tripleo_project     = hiera('nodepool_tripleo_project', 'project')
+  $rackspace_username             = hiera('nodepool_rackspace_username', 'username')
+  $rackspace_password             = hiera('nodepool_rackspace_password')
+  $rackspace_project              = hiera('nodepool_rackspace_project', 'project')
+  $hpcloud_username               = hiera('nodepool_hpcloud_username', 'username')
+  $hpcloud_password               = hiera('nodepool_hpcloud_password')
+  $hpcloud_project                = hiera('nodepool_hpcloud_project', 'project')
+  $internap_username              = hiera('nodepool_internap_username', 'username')
+  $internap_password              = hiera('nodepool_internap_password')
+  $internap_project               = hiera('nodepool_internap_project', 'project')
+  $ovh_username                   = hiera('nodepool_ovh_username', 'username')
+  $ovh_password                   = hiera('nodepool_ovh_password')
+  $ovh_project                    = hiera('nodepool_ovh_project', 'project')
+  $tripleo_username               = hiera('nodepool_tripleo_username', 'username')
+  $tripleo_password               = hiera('nodepool_tripleo_password')
+  $tripleo_project                = hiera('nodepool_tripleo_project', 'project')
   $infracloud_vanilla_username    = hiera('nodepool_infracloud_vanilla_username', 'username')
   $infracloud_vanilla_password    = hiera('nodepool_infracloud_vanilla_password')
   $infracloud_vanilla_project     = hiera('nodepool_infracloud_vanilla_project', 'project')
   $infracloud_chocolate_username  = hiera('nodepool_infracloud_chocolate_username', 'username')
   $infracloud_chocolate_password  = hiera('nodepool_infracloud_chocolate_password')
   $infracloud_chocolate_project   = hiera('nodepool_infracloud_chocolate_project', 'project')
-  $vexxhost_username   = hiera('nodepool_vexxhost_username', 'username')
-  $vexxhost_password   = hiera('nodepool_vexxhost_password')
-  $vexxhost_project    = hiera('nodepool_vexxhost_project', 'project')
-  $citycloud_username = hiera('nodepool_citycloud_username', 'username')
-  $citycloud_password = hiera('nodepool_citycloud_password')
-  $linaro_username = hiera('nodepool_linaro_username', 'username')
-  $linaro_password = hiera('nodepool_linaro_password')
-  $linaro_project = hiera('nodepool_linaro_project', 'project')
+  $vexxhost_username              = hiera('nodepool_vexxhost_username', 'username')
+  $vexxhost_password              = hiera('nodepool_vexxhost_password')
+  $vexxhost_project               = hiera('nodepool_vexxhost_project', 'project')
+  $citycloud_username             = hiera('nodepool_citycloud_username', 'username')
+  $citycloud_password             = hiera('nodepool_citycloud_password')
+  $linaro_username                = hiera('nodepool_linaro_username', 'username')
+  $linaro_password                = hiera('nodepool_linaro_password')
+  $linaro_project                 = hiera('nodepool_linaro_project', 'project')
+  $limestone_username             = hiera('nodepool_limestone_username', 'username')
+  $limestone_password             = hiera('nodepool_limestone_password')
+  $limestone_project              = hiera('nodepool_limestone_project', 'project')
 
   $clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb")
 
@@ -1005,6 +1008,14 @@ node 'nodepool.openstack.org' {
     content => hiera('infracloud_chocolate_ssl_cert_file_contents'),
     require => Class['::openstackci::nodepool'],
   }
+  file { '/etc/openstack/limestone_cacert.pem':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0444',
+    content => hiera('limestone_ssl_cert_file_contents'),
+    require => Class['::openstackci::nodepool'],
+  }
 
   cron { 'mirror_gitgc':
     user        => 'nodepool',
@@ -1048,9 +1059,12 @@ node /^nl\d+\.openstack\.org$/ {
   $vexxhost_project               = hiera('nodepool_vexxhost_project', 'project')
   $citycloud_username             = hiera('nodepool_citycloud_username', 'username')
   $citycloud_password             = hiera('nodepool_citycloud_password')
-  $linaro_username = hiera('nodepool_linaro_username', 'username')
-  $linaro_password = hiera('nodepool_linaro_password')
-  $linaro_project = hiera('nodepool_linaro_project', 'project')
+  $linaro_username                = hiera('nodepool_linaro_username', 'username')
+  $linaro_password                = hiera('nodepool_linaro_password')
+  $linaro_project                 = hiera('nodepool_linaro_project', 'project')
+  $limestone_username             = hiera('nodepool_limestone_username', 'username')
+  $limestone_password             = hiera('nodepool_limestone_password')
+  $limestone_project              = hiera('nodepool_limestone_project', 'project')
   $clouds_yaml                    = template("openstack_project/nodepool/clouds.yaml.erb")
 
   class { 'openstack_project::server':
@@ -1086,6 +1100,14 @@ node /^nl\d+\.openstack\.org$/ {
     content => hiera('infracloud_chocolate_ssl_cert_file_contents'),
     require => Class['::openstackci::nodepool_launcher'],
   }
+  file { '/etc/openstack/limestone_cacert.pem':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0444',
+    content => hiera('limestone_ssl_cert_file_contents'),
+    require => Class['::openstackci::nodepool_launcher'],
+  }
 }
 
 # Node-OS: xenial
@@ -1093,36 +1115,39 @@ node /^nb\d+\.openstack\.org$/ {
   $group = 'nodepool'
   # TODO(pabelanger): Move all of this back into nodepool manifest, it has
   # grown too big.
-  $rackspace_username  = hiera('nodepool_rackspace_username', 'username')
-  $rackspace_password  = hiera('nodepool_rackspace_password')
-  $rackspace_project   = hiera('nodepool_rackspace_project', 'project')
-  $hpcloud_username    = hiera('nodepool_hpcloud_username', 'username')
-  $hpcloud_password    = hiera('nodepool_hpcloud_password')
-  $hpcloud_project     = hiera('nodepool_hpcloud_project', 'project')
-  $internap_username   = hiera('nodepool_internap_username', 'username')
-  $internap_password   = hiera('nodepool_internap_password')
-  $internap_project    = hiera('nodepool_internap_project', 'project')
-  $ovh_username        = hiera('nodepool_ovh_username', 'username')
-  $ovh_password        = hiera('nodepool_ovh_password')
-  $ovh_project         = hiera('nodepool_ovh_project', 'project')
-  $tripleo_username    = hiera('nodepool_tripleo_username', 'username')
-  $tripleo_password    = hiera('nodepool_tripleo_password')
-  $tripleo_project     = hiera('nodepool_tripleo_project', 'project')
-  $infracloud_vanilla_username    = hiera('nodepool_infracloud_vanilla_username', 'username')
-  $infracloud_vanilla_password    = hiera('nodepool_infracloud_vanilla_password')
-  $infracloud_vanilla_project     = hiera('nodepool_infracloud_vanilla_project', 'project')
-  $infracloud_chocolate_username  = hiera('nodepool_infracloud_chocolate_username', 'username')
-  $infracloud_chocolate_password  = hiera('nodepool_infracloud_chocolate_password')
-  $infracloud_chocolate_project   = hiera('nodepool_infracloud_chocolate_project', 'project')
-  $vexxhost_username   = hiera('nodepool_vexxhost_username', 'username')
-  $vexxhost_password   = hiera('nodepool_vexxhost_password')
-  $vexxhost_project    = hiera('nodepool_vexxhost_project', 'project')
-  $citycloud_username = hiera('nodepool_citycloud_username', 'username')
-  $citycloud_password = hiera('nodepool_citycloud_password')
-  $linaro_username = hiera('nodepool_linaro_username', 'username')
-  $linaro_password = hiera('nodepool_linaro_password')
-  $linaro_project = hiera('nodepool_linaro_project', 'project')
-  $clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb")
+  $rackspace_username            = hiera('nodepool_rackspace_username', 'username')
+  $rackspace_password            = hiera('nodepool_rackspace_password')
+  $rackspace_project             = hiera('nodepool_rackspace_project', 'project')
+  $hpcloud_username              = hiera('nodepool_hpcloud_username', 'username')
+  $hpcloud_password              = hiera('nodepool_hpcloud_password')
+  $hpcloud_project               = hiera('nodepool_hpcloud_project', 'project')
+  $internap_username             = hiera('nodepool_internap_username', 'username')
+  $internap_password             = hiera('nodepool_internap_password')
+  $internap_project              = hiera('nodepool_internap_project', 'project')
+  $ovh_username                  = hiera('nodepool_ovh_username', 'username')
+  $ovh_password                  = hiera('nodepool_ovh_password')
+  $ovh_project                   = hiera('nodepool_ovh_project', 'project')
+  $tripleo_username              = hiera('nodepool_tripleo_username', 'username')
+  $tripleo_password              = hiera('nodepool_tripleo_password')
+  $tripleo_project               = hiera('nodepool_tripleo_project', 'project')
+  $infracloud_vanilla_username   = hiera('nodepool_infracloud_vanilla_username', 'username')
+  $infracloud_vanilla_password   = hiera('nodepool_infracloud_vanilla_password')
+  $infracloud_vanilla_project    = hiera('nodepool_infracloud_vanilla_project', 'project')
+  $infracloud_chocolate_username = hiera('nodepool_infracloud_chocolate_username', 'username')
+  $infracloud_chocolate_password = hiera('nodepool_infracloud_chocolate_password')
+  $infracloud_chocolate_project  = hiera('nodepool_infracloud_chocolate_project', 'project')
+  $vexxhost_username             = hiera('nodepool_vexxhost_username', 'username')
+  $vexxhost_password             = hiera('nodepool_vexxhost_password')
+  $vexxhost_project              = hiera('nodepool_vexxhost_project', 'project')
+  $citycloud_username            = hiera('nodepool_citycloud_username', 'username')
+  $citycloud_password            = hiera('nodepool_citycloud_password')
+  $linaro_username               = hiera('nodepool_linaro_username', 'username')
+  $linaro_password               = hiera('nodepool_linaro_password')
+  $linaro_project                = hiera('nodepool_linaro_project', 'project')
+  $limestone_username            = hiera('nodepool_limestone_username', 'username')
+  $limestone_password            = hiera('nodepool_limestone_password')
+  $limestone_project             = hiera('nodepool_limestone_project', 'project')
+  $clouds_yaml                   = template("openstack_project/nodepool/clouds.yaml.erb")
 
   class { 'openstack_project::server':
     sysadmins                 => hiera('sysadmins', []),
@@ -1162,6 +1187,14 @@ node /^nb\d+\.openstack\.org$/ {
     content => hiera('infracloud_chocolate_ssl_cert_file_contents'),
     require => Class['::openstackci::nodepool_builder'],
   }
+  file { '/etc/openstack/limestone_cacert.pem':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0444',
+    content => hiera('limestone_ssl_cert_file_contents'),
+    require => Class['::openstackci::nodepool_builder'],
+  }
 
   cron { 'mirror_gitgc':
     user        => 'nodepool',
diff --git a/modules/openstack_project/templates/nodepool/clouds.yaml.erb b/modules/openstack_project/templates/nodepool/clouds.yaml.erb
index 6ac6a5f3fa..dae681c58a 100644
--- a/modules/openstack_project/templates/nodepool/clouds.yaml.erb
+++ b/modules/openstack_project/templates/nodepool/clouds.yaml.erb
@@ -88,3 +88,22 @@ clouds:
       project_name: <%= @linaro_project %>
       project_domain_name: default
       user_domain_name: default
+  limestone:
+    regions:
+      - name: RegionOne
+        values:
+          networks:
+            - name: "Gateway Network"
+              routes_externally: false
+              routes_ipv6_externally: true
+              nat_destination: true
+    auth:
+      auth_url: https://osa.continuous.pw:5000
+      username: <%= @limestone_username %>
+      password: <%= @limestone_password %>
+      project_name: <%= @limestone_project %>
+      user_domain_name: default
+      project_domain_name: default
+    api_timeout: 60
+    identity_api_version: 3
+    cacert: /etc/openstack/limestone_cacert.pem