From 676846b6a26fcad9d071db799c4a97c02b88a914 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Thu, 4 Jan 2024 19:42:03 +0100 Subject: [PATCH] Fix Blazar authentication and endpoints definition Closes-Bug: #2048048 Co-Authored-By: Alexey Rusetsky Change-Id: I0dc54f1de1992b24cac7fcdc88d04daa2901cbc4 --- defaults/main.yml | 6 +-- ...r_versioned_endpoint-93784aef044f2caa.yaml | 6 +++ templates/blazar.conf.j2 | 38 +++++++++++++++---- vars/main.yml | 2 +- 4 files changed, 41 insertions(+), 11 deletions(-) create mode 100644 releasenotes/notes/blazar_versioned_endpoint-93784aef044f2caa.yaml diff --git a/defaults/main.yml b/defaults/main.yml index e12c3ea..a75539a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -86,11 +86,11 @@ blazar_service_region: "{{ service_region | default('RegionOne') }}" blazar_service_proto: http blazar_service_type: reservation blazar_service_description: "blazar service" -blazar_service_publicuri: "{{ blazar_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ blazar_service_port }}" +blazar_service_publicuri: "{{ blazar_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ blazar_service_port }}/v1" blazar_service_publicurl: "{{ blazar_service_publicuri }}" -blazar_service_internaluri: "{{ blazar_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ blazar_service_port }}" +blazar_service_internaluri: "{{ blazar_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ blazar_service_port }}/v1" blazar_service_internalurl: "{{ blazar_service_internaluri }}" -blazar_service_adminuri: "{{ blazar_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ blazar_service_port }}" +blazar_service_adminuri: "{{ blazar_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ blazar_service_port }}/v1" blazar_service_adminurl: "{{ blazar_service_adminuri }}" blazar_service_registry_proto: "{{ blazar_service_proto }}" blazar_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(blazar_service_proto) }}" diff --git a/releasenotes/notes/blazar_versioned_endpoint-93784aef044f2caa.yaml b/releasenotes/notes/blazar_versioned_endpoint-93784aef044f2caa.yaml new file mode 100644 index 0000000..6709748 --- /dev/null +++ b/releasenotes/notes/blazar_versioned_endpoint-93784aef044f2caa.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Blazar endpoints are now versioned and were suffixed with ``/v1`` by default + - | + Blazar service authentication was fixed diff --git a/templates/blazar.conf.j2 b/templates/blazar.conf.j2 index 3db86a7..6068f1d 100644 --- a/templates/blazar.conf.j2 +++ b/templates/blazar.conf.j2 @@ -4,6 +4,18 @@ use_journal = True host=0.0.0.0 port={{ blazar_service_port }} +endpoint_type = internal +os_region_name = {{ blazar_service_region }} +os_admin_project_name = {{ blazar_service_project_name }} +os_admin_username = {{ blazar_service_user_name }} +os_admin_password = {{ blazar_service_password }} +os_auth_port = {{ keystone_service_port }} +os_auth_host = {{ internal_lb_vip_address }} +os_auth_protocol = {{ keystone_service_internaluri_proto }} +os_admin_user_domain_name = {{ blazar_service_user_domain_id }} +os_admin_project_domain_name = {{ blazar_service_project_domain_id }} +os_auth_version = v3 + # oslo.messaging default transport transport_url = {{ blazar_oslomsg_rpc_transport }}://{% for host in blazar_oslomsg_rpc_servers.split(',') %}{{ blazar_oslomsg_rpc_userid }}:{{ blazar_oslomsg_rpc_password }}@{{ host }}:{{ blazar_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _blazar_oslomsg_rpc_vhost_conf }}{% if blazar_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ blazar_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ blazar_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} @@ -23,13 +35,16 @@ transport_url = {{ blazar_oslomsg_notify_transport }}://{% for host in blazar_os plugins=physical.host.plugin,virtual.instance.plugin [keystone_authtoken] -auth_type={{ blazar_keystone_auth_plugin }} -project_domain_name={{ blazar_service_project_domain_id }} -project_name={{ blazar_service_user_domain_id }} -user_domain_name={{ blazar_service_user_domain_id }} -username={{ blazar_service_user_name }} -password={{ blazar_service_password }} -auth_url={{ keystone_service_adminuri }} +auth_type = {{ blazar_keystone_auth_plugin }} +project_domain_name = {{ blazar_service_project_domain_id }} +project_name = {{ blazar_service_project_name }} +user_domain_name = {{ blazar_service_user_domain_id }} +username = {{ blazar_service_user_name }} +password = {{ blazar_service_password }} +www_authenticate_uri = {{ keystone_service_internaluri }} +auth_url = {{ keystone_service_internaluri }} +region_name = {{ blazar_service_region }} +insecure = {{ keystone_service_internaluri_insecure | bool }} service_token_roles_required = {{ blazar_service_token_roles_required | bool }} service_token_roles = {{ blazar_service_token_roles | join(',') }} service_type = {{ blazar_service_type }} @@ -40,3 +55,12 @@ max_overflow = {{ blazar_db_max_overflow }} max_pool_size = {{ blazar_db_max_pool_size }} pool_timeout = {{ blazar_db_pool_timeout }} connection_recycle_time = {{ blazar_db_connection_recycle_time }} + +[neutron] +endpoint_type = internal + +[nova] +endpoint_type = internal + +[placement] +endpoint_type = internal diff --git a/vars/main.yml b/vars/main.yml index 18b5247..23f6e10 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -67,7 +67,7 @@ uwsgi_blazar_services: |- {% set _ = value.update( { 'wsgi_path': blazar_bin ~ '/' ~ value.wsgi_name, - 'wsgi_venv': "{{ blazar_bin | dirname }}", + 'wsgi_venv': blazar_bin | dirname, 'uwsgi_uid': blazar_system_user_name, 'uwsgi_guid': blazar_system_group_name, 'uwsgi_processes': blazar_wsgi_processes,