Ejemplo n.º 1
0
    def _create_overcloudrc(self, stack, parsed_args):
        overcloud_endpoint = utils.get_overcloud_endpoint(stack)
        overcloud_ip = six.moves.urllib.parse.urlparse(
            overcloud_endpoint).hostname

        rc_params = {
            'NOVA_VERSION': '1.1',
            'COMPUTE_API_VERSION': '1.1',
            'OS_USERNAME': '******',
            'OS_TENANT_NAME': 'admin',
            'OS_NO_CACHE': 'True',
            'OS_CLOUDNAME': stack.stack_name,
            'no_proxy': "%(no_proxy)s,%(overcloud_ip)s" % {
                'no_proxy': parsed_args.no_proxy,
                'overcloud_ip': overcloud_ip,
            }
        }
        rc_params.update({
            'OS_PASSWORD':
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            'OS_AUTH_URL':
            utils.get_overcloud_endpoint(stack),
        })
        with open('%src' % stack.stack_name, 'w') as f:
            for key, value in rc_params.items():
                f.write("export %(key)s=%(value)s\n" % {
                    'key': key,
                    'value': value
                })
    def _create_overcloudrc(self, stack, parsed_args):
        overcloud_endpoint = utils.get_overcloud_endpoint(stack)
        overcloud_ip = six.moves.urllib.parse.urlparse(
            overcloud_endpoint).hostname

        rc_params = {
            'NOVA_VERSION': '1.1',
            'COMPUTE_API_VERSION': '1.1',
            'OS_USERNAME': '******',
            'OS_TENANT_NAME': 'admin',
            'OS_NO_CACHE': 'True',
            'OS_CLOUDNAME': stack.stack_name,
            'no_proxy': "%(no_proxy)s,%(overcloud_ip)s" % {
                'no_proxy': parsed_args.no_proxy,
                'overcloud_ip': overcloud_ip,
            }
        }
        rc_params.update({
            'OS_PASSWORD': utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            'OS_AUTH_URL': utils.get_overcloud_endpoint(stack),
        })
        with open('%src' % stack.stack_name, 'w') as f:
            for key, value in rc_params.items():
                f.write("export %(key)s=%(value)s\n" %
                        {'key': key, 'value': value})
    def _get_base_service_data(self, service, data, stack):
        service_data = {}
        password_field = data.get('password_field')
        if password_field:
            service_data['password'] = utils.get_password(password_field)

        # Set internal endpoint
        service_name_internal = self._format_endpoint_name(service, 'internal')
        service_data['internal_host'] = utils.get_endpoint(
            service_name_internal, stack)
        return service_data
    def _get_base_service_data(self, service, data, stack):
        service_data = {}
        password_field = data.get('password_field')
        if password_field:
            service_data['password'] = utils.get_password(
                password_field)

        # Set internal endpoint
        service_name_internal = self._format_endpoint_name(service, 'internal')
        service_data['internal_host'] = utils.get_endpoint(
            service_name_internal, stack)
        return service_data
    def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
                       parsed_args, service_ips):
        keystone_admin_ip = service_ips.get('KeystoneAdminVip')
        keystone_internal_ip = service_ips.get('KeystoneInternalVip')
        tls_enabled = self._is_tls_enabled(overcloud_endpoint)
        keystone_tls_host = None
        if not keystone_admin_ip:
            keystone_admin_ip = overcloud_ip_or_fqdn
        if not keystone_internal_ip:
            keystone_internal_ip = overcloud_ip_or_fqdn
        if tls_enabled:
            # NOTE(jaosorior): This triggers set up the keystone endpoint with
            # the https protocol and the required port set in
            # keystone.initialize.
            keystone_tls_host = overcloud_ip_or_fqdn

        keystone_client = clients.get_keystone_client(
            'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin',
            overcloud_endpoint)
        try:
            # NOTE(bnemec): This assumes Nova will always be deployed, which
            # in the future may not be true.  However, hopefully by that time
            # we'll be able to just remove os-cloud-config-based Keystone
            # init anyway.
            keystone_client.users.find(name='nova')
        except kscexc.NotFound:
            keystone.initialize(keystone_admin_ip,
                                utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
                                '*****@*****.**',
                                utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
                                ssl=keystone_tls_host,
                                public=overcloud_ip_or_fqdn,
                                user=parsed_args.overcloud_ssh_user,
                                admin=keystone_admin_ip,
                                internal=keystone_internal_ip)

            if not tls_enabled:
                # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
                # os_cloud_config.SERVICES dictionary
                for service_name, data in keystone.SERVICES.items():
                    data.pop('ssl_port', None)

            services = {}
            for service, data in six.iteritems(constants.SERVICE_LIST):
                service_data = data.copy()
                service_data.pop('password_field', None)
                password_field = data.get('password_field')
                if password_field:
                    service_data['password'] = utils.get_password(
                        password_field)

                service_name = re.sub('v[0-9]+', '',
                                      service.capitalize() + 'InternalVip')
                internal_vip = service_ips.get(service_name)
                if internal_vip:
                    service_data['internal_host'] = internal_vip
                services.update({service: service_data})

            keystone.setup_endpoints(services,
                                     client=keystone_client,
                                     os_auth_url=overcloud_endpoint,
                                     public_host=overcloud_ip_or_fqdn)
    def _deploy_postconfig(self, stack, parsed_args):
        self.log.debug("_deploy_postconfig(%s)" % parsed_args)

        overcloud_endpoint = utils.get_overcloud_endpoint(stack)
        overcloud_ip = six.moves.urllib.parse.urlparse(
            overcloud_endpoint).hostname

        no_proxy = [os.environ.get('no_proxy'), overcloud_ip]
        os.environ['no_proxy'] = ','.join(
            [x for x in no_proxy if x is not None])

        service_ips = utils.get_service_ips(stack)

        utils.remove_known_hosts(overcloud_ip)

        keystone_ip = service_ips.get('KeystoneAdminVip')
        if not keystone_ip:
            keystone_ip = overcloud_ip

        keystone.initialize(
            keystone_ip,
            utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
            '*****@*****.**',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            public=overcloud_ip,
            user=parsed_args.overcloud_ssh_user)

        # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
        # os_cloud_config.SERVICES dictionary
        for service_name, data in keystone.SERVICES.iteritems():
            data.pop('ssl_port', None)

        services = {}
        for service, data in six.iteritems(utils.SERVICE_LIST):
            service_data = data.copy()
            service_data.pop('password_field', None)
            password_field = data.get('password_field')
            if password_field:
                service_data['password'] = utils.get_password(password_field)

            service_name = re.sub('v[0-9]+', '',
                                  service.capitalize() + 'InternalVip')
            internal_vip = service_ips.get(service_name)
            if internal_vip:
                service_data['internal_host'] = internal_vip
            services.update({service: service_data})

        keystone_client = clients.get_keystone_client(
            'admin',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            'admin',
            overcloud_endpoint)
        keystone.setup_endpoints(
            services,
            client=keystone_client,
            os_auth_url=overcloud_endpoint,
            public_host=overcloud_ip)

        compute_client = clients.get_nova_bm_client(
            'admin',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            'admin',
            overcloud_endpoint)
        compute_client.flavors.create('m1.demo', 512, 1, 10, 'auto')
    def _deploy_postconfig(self, stack, parsed_args):
        self.log.debug("_deploy_postconfig(%s)" % parsed_args)

        overcloud_endpoint = utils.get_overcloud_endpoint(stack)
        overcloud_ip = six.moves.urllib.parse.urlparse(
            overcloud_endpoint).hostname

        no_proxy = [os.environ.get('no_proxy'), overcloud_ip]
        os.environ['no_proxy'] = ','.join(
            [x for x in no_proxy if x is not None])

        service_ips = utils.get_service_ips(stack)

        utils.remove_known_hosts(overcloud_ip)

        keystone_ip = service_ips.get('KeystoneAdminVip')
        if not keystone_ip:
            keystone_ip = overcloud_ip

        # Note (spredzy): This was deprecated at the begining of
        # the Mitaka cycle. Should be good to remove for the
        # next N cycle.
        keystone.initialize(
            keystone_ip,
            utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
            '*****@*****.**',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            public=overcloud_ip,
            user=parsed_args.overcloud_ssh_user)

        # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
        # os_cloud_config.SERVICES dictionary
        for service_name, data in keystone.SERVICES.iteritems():
            data.pop('ssl_port', None)

        services = {}
        for service, data in six.iteritems(constants.SERVICE_LIST):
            service_data = data.copy()
            service_data.pop('password_field', None)
            password_field = data.get('password_field')
            if password_field:
                service_data['password'] = utils.get_password(password_field)

            service_name = re.sub('v[0-9]+', '',
                                  service.capitalize() + 'InternalVip')
            internal_vip = service_ips.get(service_name)
            if internal_vip:
                service_data['internal_host'] = internal_vip
            services.update({service: service_data})

        # Note (spredzy): This was deprecated at the begining of
        # the Mitaka cycle. Should be good to remove for the
        # next N cycle.
        try:
            keystone_client = clients.get_keystone_client(
                'admin',
                utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
                'admin',
                overcloud_endpoint)
            keystone.setup_endpoints(
                services,
                client=keystone_client,
                os_auth_url=overcloud_endpoint,
                public_host=overcloud_ip)
        except kscexc.Conflict:
            pass
        else:
            self.log.warning("Setting up keystone endpoints via "
                             "os-cloud-config. This behavior is "
                             "deprecated and will be removed in "
                             "a future release.  Please update "
                             "your heat templates to a version "
                             "that does Keystone initialization "
                             "via Puppet.")

        compute_client = clients.get_nova_bm_client(
            'admin',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            'admin',
            overcloud_endpoint)
        compute_client.flavors.create('m1.demo', 512, 1, 10, 'auto')
    def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
                       parsed_args, stack):
        keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
        keystone_admin_ip = utils.unbracket_ipv6(keystone_admin_ip)
        keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack)
        keystone_internal_ip = utils.unbracket_ipv6(keystone_internal_ip)
        tls_enabled = self._is_tls_enabled(overcloud_endpoint)
        keystone_tls_host = None
        if tls_enabled:
            # NOTE(jaosorior): This triggers set up the keystone endpoint with
            # the https protocol and the required port set in
            # keystone.initialize.
            keystone_tls_host = overcloud_ip_or_fqdn

        keystone_client = occ_clients.get_keystone_client(
            'admin',
            utils.get_password(self.app.client_manager,
                               stack.stack_name,
                               'AdminPassword'),
            'admin',
            overcloud_endpoint)

        services = {}
        for service, data in six.iteritems(constants.SERVICE_LIST):
            try:
                keystone_client.services.find(name=service)
            except kscexc.NotFound:
                service_data = self._set_service_data(service, data, stack)
                if service_data:
                    services.update({service: service_data})

        if services:
            # This was deprecated in Newton.  The deprecation message and
            # os-cloud-config keystone init should remain until at least the
            # Pike release to ensure users have a chance to update their
            # templates, including ones for the previous release.
            self.log.warning('DEPRECATED: '
                             'It appears Keystone was not initialized by '
                             'Puppet. Will do initialization via '
                             'os-cloud-config, but this behavior is '
                             'deprecated. Please update your templates to a '
                             'version that has Puppet initialization of '
                             'Keystone.'
                             )
            # NOTE(jaosorior): These ports will be None if the templates
            # don't support the EndpointMap as an output yet. And so the
            # default values will be taken.
            public_port = None
            admin_port = None
            internal_port = None
            endpoint_map = utils.get_endpoint_map(stack)
            if endpoint_map:
                public_port = endpoint_map.get('KeystonePublic').get('port')
                admin_port = endpoint_map.get('KeystoneAdmin').get('port')
                internal_port = endpoint_map.get(
                    'KeystoneInternal').get('port')

            # TODO(rbrady): check usages of get_password
            keystone.initialize(
                keystone_admin_ip,
                utils.get_password(self.app.client_manager,
                                   stack.stack_name,
                                   'AdminToken'),
                '*****@*****.**',
                utils.get_password(self.app.client_manager,
                                   stack.stack_name,
                                   'AdminPassword'),
                ssl=keystone_tls_host,
                public=overcloud_ip_or_fqdn,
                user=parsed_args.overcloud_ssh_user,
                admin=keystone_admin_ip,
                internal=keystone_internal_ip,
                public_port=public_port,
                admin_port=admin_port,
                internal_port=internal_port)

            if not tls_enabled:
                # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
                # os_cloud_config.SERVICES dictionary
                for service_name, data in keystone.SERVICES.items():
                    data.pop('ssl_port', None)

            keystone.setup_endpoints(
                services,
                client=keystone_client,
                os_auth_url=overcloud_endpoint,
                public_host=overcloud_ip_or_fqdn)
Ejemplo n.º 9
0
    def _deploy_postconfig(self, stack, parsed_args):
        self.log.debug("_deploy_postconfig(%s)" % parsed_args)

        overcloud_endpoint = utils.get_overcloud_endpoint(stack)
        # NOTE(jaosorior): The overcloud endpoint can contain an IP address or
        # an FQDN depending on how what it's configured to output in the
        # tripleo-heat-templates. Such a configuration can be done by
        # overriding the EndpointMap through parameter_defaults.
        overcloud_ip_or_fqdn = six.moves.urllib.parse.urlparse(
            overcloud_endpoint).hostname

        no_proxy = [os.environ.get('no_proxy'), overcloud_ip_or_fqdn]
        os.environ['no_proxy'] = ','.join(
            [x for x in no_proxy if x is not None])

        service_ips = utils.get_service_ips(stack)

        utils.remove_known_hosts(overcloud_ip_or_fqdn)

        keystone_admin_ip = service_ips.get('KeystoneAdminVip')
        keystone_internal_ip = service_ips.get('KeystoneInternalVip')
        tls_enabled = self._is_tls_enabled(overcloud_endpoint)
        keystone_tls_host = None
        if not keystone_admin_ip:
            keystone_admin_ip = overcloud_ip_or_fqdn
        if not keystone_internal_ip:
            keystone_internal_ip = overcloud_ip_or_fqdn
        if tls_enabled:
            # NOTE(jaosorior): This triggers set up the keystone endpoint with
            # the https protocol and the required port set in
            # keystone.initialize.
            keystone_tls_host = overcloud_ip_or_fqdn

        keystone.initialize(
            keystone_admin_ip,
            utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
            '*****@*****.**',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            ssl=keystone_tls_host,
            public=overcloud_ip_or_fqdn,
            user=parsed_args.overcloud_ssh_user,
            admin=keystone_admin_ip,
            internal=keystone_internal_ip)

        if not tls_enabled:
            # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
            # os_cloud_config.SERVICES dictionary
            for service_name, data in keystone.SERVICES.iteritems():
                data.pop('ssl_port', None)

        services = {}
        for service, data in six.iteritems(constants.SERVICE_LIST):
            service_data = data.copy()
            service_data.pop('password_field', None)
            password_field = data.get('password_field')
            if password_field:
                service_data['password'] = utils.get_password(password_field)

            service_name = re.sub('v[0-9]+', '',
                                  service.capitalize() + 'InternalVip')
            internal_vip = service_ips.get(service_name)
            if internal_vip:
                service_data['internal_host'] = internal_vip
            services.update({service: service_data})

        keystone_client = clients.get_keystone_client(
            'admin',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            'admin',
            overcloud_endpoint)
        keystone.setup_endpoints(
            services,
            client=keystone_client,
            os_auth_url=overcloud_endpoint,
            public_host=overcloud_ip_or_fqdn)
    def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
                       parsed_args, stack):
        keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
        keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack)
        tls_enabled = self._is_tls_enabled(overcloud_endpoint)
        keystone_tls_host = None
        if tls_enabled:
            # NOTE(jaosorior): This triggers set up the keystone endpoint with
            # the https protocol and the required port set in
            # keystone.initialize.
            keystone_tls_host = overcloud_ip_or_fqdn

        keystone_client = clients.get_keystone_client(
            'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin',
            overcloud_endpoint)
        try:
            # NOTE(bnemec): This assumes Nova will always be deployed, which
            # in the future may not be true.  However, hopefully by that time
            # we'll be able to just remove os-cloud-config-based Keystone
            # init anyway.
            keystone_client.users.find(name='nova')
        except kscexc.NotFound:
            # NOTE(jaosorior): These ports will be None if the templates
            # don't support the EndpointMap as an output yet. And so the
            # default values will be taken.
            public_port = None
            admin_port = None
            internal_port = None
            endpoint_map = utils.get_endpoint_map(stack)
            if endpoint_map:
                public_port = endpoint_map.get('KeystonePublic').get('port')
                admin_port = endpoint_map.get('KeystoneAdmin').get('port')
                internal_port = endpoint_map.get('KeystoneInternal').get(
                    'port')
            keystone.initialize(keystone_admin_ip,
                                utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
                                '*****@*****.**',
                                utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
                                ssl=keystone_tls_host,
                                public=overcloud_ip_or_fqdn,
                                user=parsed_args.overcloud_ssh_user,
                                admin=keystone_admin_ip,
                                internal=keystone_internal_ip,
                                public_port=public_port,
                                admin_port=admin_port,
                                internal_port=internal_port)

            if not tls_enabled:
                # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
                # os_cloud_config.SERVICES dictionary
                for service_name, data in keystone.SERVICES.items():
                    data.pop('ssl_port', None)

            services = {}
            for service, data in six.iteritems(constants.SERVICE_LIST):
                service_data = self._set_service_data(service, data, stack)
                if service_data:
                    services.update({service: service_data})

            keystone.setup_endpoints(services,
                                     client=keystone_client,
                                     os_auth_url=overcloud_endpoint,
                                     public_host=overcloud_ip_or_fqdn)
    def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
                       parsed_args, service_ips):
        keystone_admin_ip = service_ips.get('KeystoneAdminVip')
        keystone_internal_ip = service_ips.get('KeystoneInternalVip')
        tls_enabled = self._is_tls_enabled(overcloud_endpoint)
        keystone_tls_host = None
        if not keystone_admin_ip:
            keystone_admin_ip = overcloud_ip_or_fqdn
        if not keystone_internal_ip:
            keystone_internal_ip = overcloud_ip_or_fqdn
        if tls_enabled:
            # NOTE(jaosorior): This triggers set up the keystone endpoint with
            # the https protocol and the required port set in
            # keystone.initialize.
            keystone_tls_host = overcloud_ip_or_fqdn

        keystone_client = clients.get_keystone_client(
            'admin',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            'admin',
            overcloud_endpoint)
        try:
            # NOTE(bnemec): This assumes Nova will always be deployed, which
            # in the future may not be true.  However, hopefully by that time
            # we'll be able to just remove os-cloud-config-based Keystone
            # init anyway.
            keystone_client.users.find(name='nova')
        except kscexc.NotFound:
            keystone.initialize(
                keystone_admin_ip,
                utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
                '*****@*****.**',
                utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
                ssl=keystone_tls_host,
                public=overcloud_ip_or_fqdn,
                user=parsed_args.overcloud_ssh_user,
                admin=keystone_admin_ip,
                internal=keystone_internal_ip)

            if not tls_enabled:
                # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
                # os_cloud_config.SERVICES dictionary
                for service_name, data in keystone.SERVICES.items():
                    data.pop('ssl_port', None)

            services = {}
            for service, data in six.iteritems(constants.SERVICE_LIST):
                service_data = data.copy()
                service_data.pop('password_field', None)
                password_field = data.get('password_field')
                if password_field:
                    service_data['password'] = utils.get_password(
                        password_field)

                service_name = re.sub('v[0-9]+', '',
                                      service.capitalize() + 'InternalVip')
                internal_vip = service_ips.get(service_name)
                if internal_vip:
                    service_data['internal_host'] = internal_vip
                services.update({service: service_data})

            keystone.setup_endpoints(
                services,
                client=keystone_client,
                os_auth_url=overcloud_endpoint,
                public_host=overcloud_ip_or_fqdn)
Ejemplo n.º 12
0
    def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
                       parsed_args, stack):
        keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
        keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack)
        tls_enabled = self._is_tls_enabled(overcloud_endpoint)
        keystone_tls_host = None
        if tls_enabled:
            # NOTE(jaosorior): This triggers set up the keystone endpoint with
            # the https protocol and the required port set in
            # keystone.initialize.
            keystone_tls_host = overcloud_ip_or_fqdn

        keystone_client = clients.get_keystone_client(
            'admin',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            'admin',
            overcloud_endpoint)
        try:
            # NOTE(bnemec): This assumes Nova will always be deployed, which
            # in the future may not be true.  However, hopefully by that time
            # we'll be able to just remove os-cloud-config-based Keystone
            # init anyway.
            keystone_client.users.find(name='nova')
        except kscexc.NotFound:
            # NOTE(jaosorior): These ports will be None if the templates
            # don't support the EndpointMap as an output yet. And so the
            # default values will be taken.
            public_port = None
            admin_port = None
            internal_port = None
            endpoint_map = utils.get_endpoint_map(stack)
            if endpoint_map:
                public_port = endpoint_map.get('KeystonePublic').get('port')
                admin_port = endpoint_map.get('KeystoneAdmin').get('port')
                internal_port = endpoint_map.get(
                    'KeystoneInternal').get('port')
            keystone.initialize(
                keystone_admin_ip,
                utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
                '*****@*****.**',
                utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
                ssl=keystone_tls_host,
                public=overcloud_ip_or_fqdn,
                user=parsed_args.overcloud_ssh_user,
                admin=keystone_admin_ip,
                internal=keystone_internal_ip,
                public_port=public_port,
                admin_port=admin_port,
                internal_port=internal_port)

            if not tls_enabled:
                # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
                # os_cloud_config.SERVICES dictionary
                for service_name, data in keystone.SERVICES.items():
                    data.pop('ssl_port', None)

            services = {}
            for service, data in six.iteritems(constants.SERVICE_LIST):
                service_data = self._set_service_data(service, data, stack)
                if service_data:
                    services.update({service: service_data})

            keystone.setup_endpoints(
                services,
                client=keystone_client,
                os_auth_url=overcloud_endpoint,
                public_host=overcloud_ip_or_fqdn)
    def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
                       parsed_args, stack):
        keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
        keystone_admin_ip = utils.unbracket_ipv6(keystone_admin_ip)
        keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack)
        keystone_internal_ip = utils.unbracket_ipv6(keystone_internal_ip)
        tls_enabled = self._is_tls_enabled(overcloud_endpoint)
        keystone_tls_host = None
        if tls_enabled:
            # NOTE(jaosorior): This triggers set up the keystone endpoint with
            # the https protocol and the required port set in
            # keystone.initialize.
            keystone_tls_host = overcloud_ip_or_fqdn

        keystone_client = clients.get_keystone_client(
            'admin',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            'admin',
            overcloud_endpoint)

        services = {}
        for service, data in six.iteritems(constants.SERVICE_LIST):
            try:
                keystone_client.services.find(name=service)
            except kscexc.NotFound:
                service_data = self._set_service_data(service, data, stack)
                if service_data:
                    services.update({service: service_data})

        if services:
            # This was deprecated in Newton.  The deprecation message and
            # os-cloud-config keystone init should remain until at least the
            # Pike release to ensure users have a chance to update their
            # templates, including ones for the previous release.
            self.log.warning('DEPRECATED: '
                             'It appears Keystone was not initialized by '
                             'Puppet. Will do initialization via '
                             'os-cloud-config, but this behavior is '
                             'deprecated. Please update your templates to a '
                             'version that has Puppet initialization of '
                             'Keystone.'
                             )
            # NOTE(jaosorior): These ports will be None if the templates
            # don't support the EndpointMap as an output yet. And so the
            # default values will be taken.
            public_port = None
            admin_port = None
            internal_port = None
            endpoint_map = utils.get_endpoint_map(stack)
            if endpoint_map:
                public_port = endpoint_map.get('KeystonePublic').get('port')
                admin_port = endpoint_map.get('KeystoneAdmin').get('port')
                internal_port = endpoint_map.get(
                    'KeystoneInternal').get('port')
            keystone.initialize(
                keystone_admin_ip,
                utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
                '*****@*****.**',
                utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
                ssl=keystone_tls_host,
                public=overcloud_ip_or_fqdn,
                user=parsed_args.overcloud_ssh_user,
                admin=keystone_admin_ip,
                internal=keystone_internal_ip,
                public_port=public_port,
                admin_port=admin_port,
                internal_port=internal_port)

            if not tls_enabled:
                # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
                # os_cloud_config.SERVICES dictionary
                for service_name, data in keystone.SERVICES.items():
                    data.pop('ssl_port', None)

            keystone.setup_endpoints(
                services,
                client=keystone_client,
                os_auth_url=overcloud_endpoint,
                public_host=overcloud_ip_or_fqdn)
Ejemplo n.º 14
0
    def _deploy_postconfig(self, stack, parsed_args):
        self.log.debug("_deploy_postconfig(%s)" % parsed_args)

        overcloud_endpoint = utils.get_overcloud_endpoint(stack)
        # NOTE(jaosorior): The overcloud endpoint can contain an IP address or
        # an FQDN depending on how what it's configured to output in the
        # tripleo-heat-templates. Such a configuration can be done by
        # overriding the EndpointMap through parameter_defaults.
        overcloud_ip_or_fqdn = six.moves.urllib.parse.urlparse(
            overcloud_endpoint).hostname

        no_proxy = [os.environ.get('no_proxy'), overcloud_ip_or_fqdn]
        os.environ['no_proxy'] = ','.join(
            [x for x in no_proxy if x is not None])

        service_ips = utils.get_service_ips(stack)

        utils.remove_known_hosts(overcloud_ip_or_fqdn)

        keystone_admin_ip = service_ips.get('KeystoneAdminVip')
        keystone_internal_ip = service_ips.get('KeystoneInternalVip')
        tls_enabled = self._is_tls_enabled(overcloud_endpoint)
        keystone_tls_host = None
        if not keystone_admin_ip:
            keystone_admin_ip = overcloud_ip_or_fqdn
        if not keystone_internal_ip:
            keystone_internal_ip = overcloud_ip_or_fqdn
        if tls_enabled:
            # NOTE(jaosorior): This triggers set up the keystone endpoint with
            # the https protocol and the required port set in
            # keystone.initialize.
            keystone_tls_host = overcloud_ip_or_fqdn

        keystone.initialize(keystone_admin_ip,
                            utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
                            '*****@*****.**',
                            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
                            ssl=keystone_tls_host,
                            public=overcloud_ip_or_fqdn,
                            user=parsed_args.overcloud_ssh_user,
                            admin=keystone_admin_ip,
                            internal=keystone_internal_ip)

        if not tls_enabled:
            # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
            # os_cloud_config.SERVICES dictionary
            for service_name, data in keystone.SERVICES.iteritems():
                data.pop('ssl_port', None)

        services = {}
        for service, data in six.iteritems(constants.SERVICE_LIST):
            service_data = data.copy()
            service_data.pop('password_field', None)
            password_field = data.get('password_field')
            if password_field:
                service_data['password'] = utils.get_password(password_field)

            service_name = re.sub('v[0-9]+', '',
                                  service.capitalize() + 'InternalVip')
            internal_vip = service_ips.get(service_name)
            if internal_vip:
                service_data['internal_host'] = internal_vip
            services.update({service: service_data})

        keystone_client = clients.get_keystone_client(
            'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin',
            overcloud_endpoint)
        keystone.setup_endpoints(services,
                                 client=keystone_client,
                                 os_auth_url=overcloud_endpoint,
                                 public_host=overcloud_ip_or_fqdn)
Ejemplo n.º 15
0
    def _deploy_postconfig(self, stack, parsed_args):
        self.log.debug("_deploy_postconfig(%s)" % parsed_args)

        overcloud_endpoint = utils.get_overcloud_endpoint(stack)
        overcloud_ip = six.moves.urllib.parse.urlparse(
            overcloud_endpoint).hostname

        no_proxy = [os.environ.get('no_proxy'), overcloud_ip]
        os.environ['no_proxy'] = ','.join(
            [x for x in no_proxy if x is not None])

        service_ips = utils.get_service_ips(stack)

        utils.remove_known_hosts(overcloud_ip)

        keystone_ip = service_ips.get('KeystoneAdminVip')
        if not keystone_ip:
            keystone_ip = overcloud_ip

        # Note (spredzy): This was deprecated at the begining of
        # the Mitaka cycle. Should be good to remove for the
        # next N cycle.
        keystone.initialize(keystone_ip,
                            utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
                            '*****@*****.**',
                            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
                            public=overcloud_ip,
                            user=parsed_args.overcloud_ssh_user)

        # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
        # os_cloud_config.SERVICES dictionary
        for service_name, data in keystone.SERVICES.iteritems():
            data.pop('ssl_port', None)

        services = {}
        for service, data in six.iteritems(constants.SERVICE_LIST):
            service_data = data.copy()
            service_data.pop('password_field', None)
            password_field = data.get('password_field')
            if password_field:
                service_data['password'] = utils.get_password(password_field)

            service_name = re.sub('v[0-9]+', '',
                                  service.capitalize() + 'InternalVip')
            internal_vip = service_ips.get(service_name)
            if internal_vip:
                service_data['internal_host'] = internal_vip
            services.update({service: service_data})

        # Note (spredzy): This was deprecated at the begining of
        # the Mitaka cycle. Should be good to remove for the
        # next N cycle.
        try:
            keystone_client = clients.get_keystone_client(
                'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
                'admin', overcloud_endpoint)
            keystone.setup_endpoints(services,
                                     client=keystone_client,
                                     os_auth_url=overcloud_endpoint,
                                     public_host=overcloud_ip)
        except kscexc.Conflict:
            pass
        else:
            self.log.warning("Setting up keystone endpoints via "
                             "os-cloud-config. This behavior is "
                             "deprecated and will be removed in "
                             "a future release.  Please update "
                             "your heat templates to a version "
                             "that does Keystone initialization "
                             "via Puppet.")

        compute_client = clients.get_nova_bm_client(
            'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin',
            overcloud_endpoint)
        compute_client.flavors.create('m1.demo', 512, 1, 10, 'auto')