def main():
    """Command-line entry point: parse arguments, set up logging, run initialize().

    The admin token and admin password are handed to ``initialize`` as plain
    positional values, so nothing in this function should ever log them.
    """
    # NOTE(review): if parse_args() reads the token/password from argv they
    # are visible in the process list -- confirm how they are supplied.
    args = parse_args()
    environment._configure_logging(args)
    initialize(
        args.host,
        args.admin_token,
        args.admin_email,
        args.admin_password,
        args.region,
        args.ssl,
        args.public,
        args.user,
        args.timeout,
        args.pollinterval,
    )
def test_initialize(self, check_call_mock):
    """Check initialize() against a Keystone that reports nothing as existing.

    Asserts that the ``admin`` and ``service`` tenants are created, delegates
    the role and endpoint checks to helper assertions, and pins the exact
    command handed to the patched ``check_call``.
    """
    self._patch_client()
    self._patch_client_v3()
    # Empty findall() results: every lookup says "not created yet".
    for manager in (self.client.services, self.client.endpoints,
                    self.client.roles, self.client.tenants):
        manager.findall.return_value = []

    keystone.initialize(
        '192.0.0.3', 'mytoken', '*****@*****.**', 'adminpasswd')

    expected_tenants = [mock.call('admin', None), mock.call('service', None)]
    self.client.tenants.create.assert_has_calls(expected_tenants)
    self.assert_calls_in_grant_admin_user_roles()
    self.assert_endpoint('192.0.0.3')

    # NOTE(review): the pinned command logs in as root with SSH host-key
    # checking disabled, so the remote host's identity is not verified.
    # "-o" "StrictHostKeyChecking=no" has no comma between the literals; they
    # concatenate into the single argument "-oStrictHostKeyChecking=no".
    # The $(getent ...) parts are passed as literal arguments (no local
    # shell); presumably the remote shell expands them -- confirm.
    expected_command = [
        "ssh", "-o" "StrictHostKeyChecking=no", "-t", "-l", "root",
        "192.0.0.3", "sudo", "keystone-manage", "pki_setup",
        "--keystone-user",
        "$(getent passwd | grep '^keystone' | cut -d: -f1)",
        "--keystone-group",
        "$(getent group | grep '^keystone' | cut -d: -f1)",
    ]
    check_call_mock.assert_called_once_with(expected_command)
def test_initialize(self, check_call_mock):
    """Check initialize() against a Keystone that reports nothing as existing.

    Asserts that the ``admin`` and ``service`` tenants are created, delegates
    the role and endpoint checks to helper assertions, and pins the exact
    command handed to the patched ``check_call``.
    """
    self._patch_client()
    self._patch_client_v3()
    # Empty findall() results: every lookup says "not created yet".
    for manager in (self.client.services, self.client.endpoints,
                    self.client.roles, self.client.tenants):
        manager.findall.return_value = []

    keystone.initialize(
        '192.0.0.3', 'mytoken', '*****@*****.**', 'adminpasswd')

    expected_tenants = [mock.call('admin', None), mock.call('service', None)]
    self.client.tenants.create.assert_has_calls(expected_tenants)
    self.assert_calls_in_grant_admin_user_roles()
    self.assert_endpoint('192.0.0.3')

    # NOTE(review): the pinned command logs in as root with SSH host-key
    # checking disabled, so the remote host's identity is not verified.
    # "-o" "StrictHostKeyChecking=no" has no comma between the literals; they
    # concatenate into the single argument "-oStrictHostKeyChecking=no".
    # The $(getent ...) parts are passed as literal arguments (no local
    # shell); presumably the remote shell expands them -- confirm.
    expected_command = [
        "ssh", "-o" "StrictHostKeyChecking=no", "-t", "-l", "root",
        "192.0.0.3", "sudo", "keystone-manage", "pki_setup",
        "--keystone-user",
        "$(getent passwd | grep '^keystone' | cut -d: -f1)",
        "--keystone-group",
        "$(getent group | grep '^keystone' | cut -d: -f1)",
    ]
    check_call_mock.assert_called_once_with(expected_command)
def handle(self, request, data):
    """Initialize the deployed Overcloud: Keystone, service endpoints, Neutron.

    Returns True once the success message has been queued, and False when
    any step raised; in that case the exception is logged and only a generic
    message is handed to horizon's exception handler.
    """
    try:
        plan = api.tuskar.Plan.get_the_plan(request)
        controller_role = plan.get_role_by_name("controller")
        stack = api.heat.Stack.get_by_plan(self.request, plan)

        # Secrets are read from the plan parameters; none of the log calls
        # below includes them, and that should stay so.
        admin_token = plan.parameter_value(
            controller_role.parameter_prefix + 'AdminToken')
        admin_password = plan.parameter_value(
            controller_role.parameter_prefix + 'AdminPassword')
        admin_email = data['admin_email']

        keystone_host = stack.keystone_ip
        keystone_url = stack.keystone_auth_url
        tenant_name = 'admin'
        # NOTE(review): the '******' literals here and in the initialize()
        # call look like values masked by this listing, not real user names.
        user_name = '******'

        # Keystone first; pki_setup is explicitly switched off.
        keystone_config.initialize(
            keystone_host, admin_token, admin_email, admin_password,
            region='regionOne', ssl=None, public=None, user='******',
            pki_setup=False)

        # Both Overcloud clients authenticate with the same admin credentials.
        credentials = (user_name, admin_password, tenant_name, keystone_url)
        keystone_client = clients.get_keystone_client(*credentials)
        neutron_client = clients.get_neutron_client(*credentials)

        # Register the service endpoints.
        endpoints = self.build_endpoints(plan, controller_role)
        keystone_config.setup_endpoints(
            endpoints,
            public_host=data['public_host'],
            region=data['region'],
            os_auth_url=keystone_url,
            client=keystone_client)

        # Neutron last; a BadRequest is treated as "already initialized".
        try:
            neutron_config.initialize_neutron(
                self.build_neutron_setup(data),
                neutron_client=neutron_client,
                keystone_client=keystone_client)
        except neutron_exceptions.BadRequest as exc:
            LOG.info('Neutron has been already initialized.')
            LOG.info(exc.message)

    except Exception as exc:
        # UI boundary: full details go to the log, the user sees a generic
        # message only.
        LOG.exception(exc)
        horizon.exceptions.handle(request,
                                  _("Unable to initialize Overcloud."))
        return False
    else:
        horizon.messages.success(request,
                                 _('Overcloud has been initialized.'))
        return True
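def _deploy_postconfig(self, stack, parsed_args):
    """Run the post-deployment configuration of the overcloud.

    In order: add the overcloud host to ``no_proxy``, call
    ``utils.remove_known_hosts`` for it, initialize Keystone, register the
    service endpoints and create the ``m1.demo`` flavor.

    :param stack: deployed stack, used to look up the endpoint and service IPs
    :param parsed_args: parsed command-line arguments (only logged here)
    """
    # Lazy %-args: the message is formatted only when debug logging is on.
    self.log.debug("_deploy_postconfig(%s)", parsed_args)

    passwords = self.passwords

    overcloud_endpoint = self._get_overcloud_endpoint(stack)
    overcloud_ip = six.moves.urllib.parse.urlparse(
        overcloud_endpoint).hostname

    # Requests to the overcloud must bypass any configured proxy; this
    # changes the environment of the running process.
    no_proxy = [os.environ.get('no_proxy'), overcloud_ip]
    os.environ['no_proxy'] = ','.join(
        [x for x in no_proxy if x is not None])

    service_ips = self._get_service_ips(stack)

    # NOTE(review): presumably drops the host's known_hosts entry so that a
    # redeployed node's new key is accepted; it also means a changed key
    # goes unnoticed on the next SSH connection -- confirm this only runs
    # right after a deploy.
    utils.remove_known_hosts(overcloud_ip)

    keystone_ip = service_ips.get('KeystoneInternalVip') or overcloud_ip

    # The admin token and password are passed by value; never log them.
    # NOTE(review): the '******' user looks like a value masked by this
    # listing rather than a real login name.
    keystone.initialize(
        keystone_ip,
        passwords['OVERCLOUD_ADMIN_TOKEN'],
        '*****@*****.**',
        passwords['OVERCLOUD_ADMIN_PASSWORD'],
        public=overcloud_ip,
        user='******')

    # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
    # os_cloud_config.SERVICES dictionary
    # This edits the module-level mapping in place. six.itervalues() replaces
    # the Python 2-only .iteritems() and matches the six usage below.
    for data in six.itervalues(keystone.SERVICES):
        data.pop('ssl_port', None)

    services = {}
    for service, data in six.iteritems(utils.SERVICE_LIST):
        service_data = data.copy()
        service_data.pop('password_field', None)
        password_field = data.get('password_field')
        if password_field:
            service_data['password'] = passwords[password_field]

        # Strip any "v<digits>" run before building the VIP lookup key.
        service_name = re.sub('v[0-9]+', '',
                              service.capitalize() + 'InternalVip')
        internal_vip = service_ips.get(service_name)
        if internal_vip:
            service_data['internal_host'] = internal_vip
        services[service] = service_data

    keystone_client = clients.get_keystone_client(
        'admin',
        passwords['OVERCLOUD_ADMIN_PASSWORD'],
        'admin',
        overcloud_endpoint)
    keystone.setup_endpoints(
        services,
        client=keystone_client,
        os_auth_url=overcloud_endpoint,
        public_host=overcloud_ip)

    compute_client = clients.get_nova_bm_client(
        'admin',
        passwords['OVERCLOUD_ADMIN_PASSWORD'],
        'admin',
        overcloud_endpoint)
    compute_client.flavors.create('m1.demo', 512, 1, 10, 'auto')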
def test_idempotent_initialize(self, check_call_mock):
    """Check initialize() against a Keystone that reports everything as existing.

    Every ``findall`` returns a (truthy) MagicMock, the user-creation helper
    assertion is run, and the exact command handed to the patched
    ``check_call`` is pinned.
    """
    self._patch_client()
    for manager in (self.client.services, self.client.endpoints,
                    self.client.roles, self.client.tenants):
        manager.findall.return_value = mock.MagicMock()

    keystone.initialize(
        '192.0.0.3', 'mytoken', '*****@*****.**', 'adminpasswd')

    # NOTE(review): each assertFalse below calls create(...) itself and reads
    # `.called` on the object it returns, so it looks unable to detect a
    # create() made by initialize(). Inspecting `create.call_args_list` (or
    # `assert_not_called()`) would -- confirm against _patch_client().
    for role in ('admin', 'service'):
        self.assertFalse(self.client.roles.create(role).called)
    for tenant in ('admin', 'service'):
        self.assertFalse(self.client.tenants.create(tenant, None).called)
    self.assert_calls_in_create_user()

    # NOTE(review): the pinned command logs in as root with SSH host-key
    # checking disabled, so the remote host's identity is not verified.
    # "-o" "StrictHostKeyChecking=no" has no comma between the literals; they
    # concatenate into the single argument "-oStrictHostKeyChecking=no".
    expected_command = [
        "ssh", "-o" "StrictHostKeyChecking=no", "-t", "-l", "root",
        "192.0.0.3", "sudo", "keystone-manage", "pki_setup",
        "--keystone-user",
        "$(getent passwd | grep '^keystone' | cut -d: -f1)",
        "--keystone-group",
        "$(getent group | grep '^keystone' | cut -d: -f1)",
    ]
    check_call_mock.assert_called_once_with(expected_command)
def test_idempotent_initialize(self, check_call_mock):
    """Check initialize() against a Keystone that reports everything as existing.

    Every ``findall`` returns a (truthy) MagicMock, the user-creation helper
    assertion is run, and the exact command handed to the patched
    ``check_call`` is pinned.
    """
    self._patch_client()
    for manager in (self.client.services, self.client.endpoints,
                    self.client.roles, self.client.tenants):
        manager.findall.return_value = mock.MagicMock()

    keystone.initialize(
        '192.0.0.3', 'mytoken', '*****@*****.**', 'adminpasswd')

    # NOTE(review): each assertFalse below calls create(...) itself and reads
    # `.called` on the object it returns, so it looks unable to detect a
    # create() made by initialize(). Inspecting `create.call_args_list` (or
    # `assert_not_called()`) would -- confirm against _patch_client().
    for role in ('admin', 'service'):
        self.assertFalse(self.client.roles.create(role).called)
    for tenant in ('admin', 'service'):
        self.assertFalse(self.client.tenants.create(tenant, None).called)
    self.assert_calls_in_create_user()

    # NOTE(review): the pinned command logs in as root with SSH host-key
    # checking disabled, so the remote host's identity is not verified.
    # "-o" "StrictHostKeyChecking=no" has no comma between the literals; they
    # concatenate into the single argument "-oStrictHostKeyChecking=no".
    expected_command = [
        "ssh", "-o" "StrictHostKeyChecking=no", "-t", "-l", "root",
        "192.0.0.3", "sudo", "keystone-manage", "pki_setup",
        "--keystone-user",
        "$(getent passwd | grep '^keystone' | cut -d: -f1)",
        "--keystone-group",
        "$(getent group | grep '^keystone' | cut -d: -f1)",
    ]
    check_call_mock.assert_called_once_with(expected_command)
def main():
    """Command-line entry point: parse arguments, set up logging, run initialize().

    Returns 1 without calling ``initialize`` when PKI setup was requested but
    no user was given; otherwise falls off the end (returns None).

    The admin token and admin password are handed to ``initialize`` as plain
    positional values, so nothing in this function should ever log them.
    """
    args = parse_args()
    environment._configure_logging(args)

    # PKI setup needs a login user; refuse early instead of failing later.
    user_missing_for_pki = args.pkisetup and not args.user
    if user_missing_for_pki:
        print("User is required if PKI setup will be performed.")
        return 1

    initialize(
        args.host,
        args.admin_token,
        args.admin_email,
        args.admin_password,
        args.region,
        args.ssl,
        args.public,
        args.user,
        args.timeout,
        args.pollinterval,
        args.pkisetup,
    )
def handle(self, request, data):
    """Initialize the deployed Overcloud: Keystone, service endpoints, Neutron.

    Returns True once the success message has been queued, and False when
    any step raised; in that case the exception is logged and only a generic
    message is handed to horizon's exception handler.
    """
    try:
        plan = api.tuskar.Plan.get_the_plan(request)
        controller_role = plan.get_role_by_name("Controller")
        stack = api.heat.Stack.get_by_plan(self.request, plan)

        # Secrets are read from the plan parameters; none of the log calls
        # below includes them, and that should stay so.
        admin_token = plan.parameter_value(
            controller_role.parameter_prefix + 'AdminToken')
        admin_password = plan.parameter_value(
            controller_role.parameter_prefix + 'AdminPassword')
        admin_email = data['admin_email']

        keystone_host = stack.keystone_ip
        keystone_url = stack.keystone_auth_url
        tenant_name = 'admin'
        # NOTE(review): the '******' literals here and in the initialize()
        # call look like values masked by this listing, not real user names.
        user_name = '******'

        # Keystone first; pki_setup is explicitly switched off.
        keystone_config.initialize(
            keystone_host, admin_token, admin_email, admin_password,
            region='regionOne', ssl=None, public=None, user='******',
            pki_setup=False)

        # Both Overcloud clients authenticate with the same admin credentials.
        credentials = (user_name, admin_password, tenant_name, keystone_url)
        keystone_client = clients.get_keystone_client(*credentials)
        neutron_client = clients.get_neutron_client(*credentials)

        # Register the service endpoints.
        endpoints = self.build_endpoints(plan, controller_role)
        keystone_config.setup_endpoints(
            endpoints,
            public_host=data['public_host'],
            region=data['region'],
            os_auth_url=keystone_url,
            client=keystone_client)

        # Neutron last; a BadRequest is treated as "already initialized".
        try:
            neutron_config.initialize_neutron(
                self.build_neutron_setup(data),
                neutron_client=neutron_client,
                keystone_client=keystone_client)
        except neutron_exceptions.BadRequest as exc:
            LOG.info('Neutron has been already initialized.')
            LOG.info(exc.message)

    except Exception as exc:
        # UI boundary: full details go to the log, the user sees a generic
        # message only.
        LOG.exception(exc)
        horizon.exceptions.handle(request,
                                  _("Unable to initialize Overcloud."))
        return False
    else:
        horizon.messages.success(request,
                                 _('Overcloud has been initialized.'))
        return True
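def _deploy_postconfig(self, stack, parsed_args):
    """Run the post-deployment configuration of the overcloud.

    In order: add the overcloud host to ``no_proxy``, call
    ``utils.remove_known_hosts`` for it, initialize Keystone, register the
    service endpoints (deprecated path) and create the ``m1.demo`` flavor.

    :param stack: deployed stack, used to look up the endpoint and service IPs
    :param parsed_args: parsed CLI arguments; ``overcloud_ssh_user`` is read
    """
    # Lazy %-args: the message is formatted only when debug logging is on.
    self.log.debug("_deploy_postconfig(%s)", parsed_args)

    overcloud_endpoint = utils.get_overcloud_endpoint(stack)
    overcloud_ip = six.moves.urllib.parse.urlparse(
        overcloud_endpoint).hostname

    # Requests to the overcloud must bypass any configured proxy; this
    # changes the environment of the running process.
    no_proxy = [os.environ.get('no_proxy'), overcloud_ip]
    os.environ['no_proxy'] = ','.join(
        [x for x in no_proxy if x is not None])

    service_ips = utils.get_service_ips(stack)

    # NOTE(review): presumably drops the host's known_hosts entry so that a
    # redeployed node's new key is accepted; it also means a changed key
    # goes unnoticed on the next SSH connection -- confirm this only runs
    # right after a deploy.
    utils.remove_known_hosts(overcloud_ip)

    keystone_ip = service_ips.get('KeystoneAdminVip') or overcloud_ip

    # Note (spredzy): This was deprecated at the beginning of
    # the Mitaka cycle. Should be good to remove for the
    # next N cycle.
    # The admin token and password are passed by value; never log them.
    keystone.initialize(
        keystone_ip,
        utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
        '*****@*****.**',
        utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
        public=overcloud_ip,
        user=parsed_args.overcloud_ssh_user)

    # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
    # os_cloud_config.SERVICES dictionary
    # This edits the module-level mapping in place. six.itervalues() replaces
    # the Python 2-only .iteritems() and matches the six usage below.
    for data in six.itervalues(keystone.SERVICES):
        data.pop('ssl_port', None)

    services = {}
    for service, data in six.iteritems(constants.SERVICE_LIST):
        service_data = data.copy()
        service_data.pop('password_field', None)
        password_field = data.get('password_field')
        if password_field:
            service_data['password'] = utils.get_password(password_field)

        # Strip any "v<digits>" run before building the VIP lookup key.
        service_name = re.sub('v[0-9]+', '',
                              service.capitalize() + 'InternalVip')
        internal_vip = service_ips.get(service_name)
        if internal_vip:
            service_data['internal_host'] = internal_vip
        services[service] = service_data

    # Note (spredzy): This was deprecated at the beginning of
    # the Mitaka cycle. Should be good to remove for the
    # next N cycle.
    try:
        keystone_client = clients.get_keystone_client(
            'admin',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            'admin',
            overcloud_endpoint)
        keystone.setup_endpoints(
            services,
            client=keystone_client,
            os_auth_url=overcloud_endpoint,
            public_host=overcloud_ip)
    except kscexc.Conflict:
        # Deliberate best effort: a Conflict is ignored here.
        # NOTE(review): presumably it means the endpoints already exist.
        pass
    else:
        # Only reached when os-cloud-config really did the setup.
        self.log.warning("Setting up keystone endpoints via "
                         "os-cloud-config. This behavior is "
                         "deprecated and will be removed in "
                         "a future release. Please update "
                         "your heat templates to a version "
                         "that does Keystone initialization "
                         "via Puppet.")

    compute_client = clients.get_nova_bm_client(
        'admin',
        utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
        'admin',
        overcloud_endpoint)
    compute_client.flavors.create('m1.demo', 512, 1, 10, 'auto')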
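def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
                   parsed_args, stack):
    """Initialize Keystone through os-cloud-config when it is not set up yet.

    A missing ``nova`` user is taken as the sign that Keystone was not
    initialized; only then are ``keystone.initialize`` and
    ``keystone.setup_endpoints`` run.

    :param overcloud_endpoint: overcloud URL used to authenticate the client
    :param overcloud_ip_or_fqdn: public host of the overcloud
    :param parsed_args: parsed CLI arguments; ``overcloud_ssh_user`` is read
    :param stack: deployed stack, used for endpoint and endpoint-map lookups
    """
    # NOTE(review): this listing lost its indentation; the nesting under the
    # ``except`` branch is reconstructed -- check against upstream.
    keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
    keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack)
    tls_enabled = self._is_tls_enabled(overcloud_endpoint)

    # NOTE(jaosorior): A TLS host triggers setting up the keystone endpoint
    # with the https protocol and the required port in keystone.initialize.
    keystone_tls_host = overcloud_ip_or_fqdn if tls_enabled else None

    keystone_client = clients.get_keystone_client(
        'admin',
        utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
        'admin',
        overcloud_endpoint)

    try:
        # NOTE(bnemec): This assumes Nova will always be deployed, which
        # in the future may not be true. However, hopefully by that time
        # we'll be able to just remove os-cloud-config-based Keystone
        # init anyway.
        keystone_client.users.find(name='nova')
    except kscexc.NotFound:
        # NOTE(jaosorior): These ports will be None if the templates
        # don't support the EndpointMap as an output yet. And so the
        # default values will be taken.
        # A map that lacks one of the Keystone entries is handled the same
        # way instead of failing with AttributeError on None.
        endpoint_map = utils.get_endpoint_map(stack) or {}
        public_port = (endpoint_map.get('KeystonePublic') or {}).get('port')
        admin_port = (endpoint_map.get('KeystoneAdmin') or {}).get('port')
        internal_port = (
            endpoint_map.get('KeystoneInternal') or {}).get('port')

        # The admin token and password are passed by value; never log them.
        keystone.initialize(
            keystone_admin_ip,
            utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
            '*****@*****.**',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            ssl=keystone_tls_host,
            public=overcloud_ip_or_fqdn,
            user=parsed_args.overcloud_ssh_user,
            admin=keystone_admin_ip,
            internal=keystone_internal_ip,
            public_port=public_port,
            admin_port=admin_port,
            internal_port=internal_port)

        if not tls_enabled:
            # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
            # os_cloud_config.SERVICES dictionary
            # This edits the module-level mapping in place.
            for data in keystone.SERVICES.values():
                data.pop('ssl_port', None)

        services = {}
        for service, data in six.iteritems(constants.SERVICE_LIST):
            service_data = self._set_service_data(service, data, stack)
            if service_data:
                services[service] = service_data

        keystone.setup_endpoints(
            services,
            client=keystone_client,
            os_auth_url=overcloud_endpoint,
            public_host=overcloud_ip_or_fqdn)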
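def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
                   parsed_args, stack):
    """Initialize Keystone through os-cloud-config for services it lacks.

    Every entry of ``constants.SERVICE_LIST`` is looked up in Keystone; the
    ones that are not found are collected, and only when that collection is
    non-empty are ``keystone.initialize`` and ``keystone.setup_endpoints``
    run (with a deprecation warning).

    :param overcloud_endpoint: overcloud URL used to authenticate the client
    :param overcloud_ip_or_fqdn: public host of the overcloud
    :param parsed_args: parsed CLI arguments; ``overcloud_ssh_user`` is read
    :param stack: deployed stack, used for endpoint and endpoint-map lookups
    """
    # NOTE(review): this listing lost its indentation; the nesting under
    # ``if services:`` is reconstructed -- check against upstream.
    keystone_admin_ip = utils.unbracket_ipv6(
        utils.get_endpoint('KeystoneAdmin', stack))
    keystone_internal_ip = utils.unbracket_ipv6(
        utils.get_endpoint('KeystoneInternal', stack))
    tls_enabled = self._is_tls_enabled(overcloud_endpoint)

    # NOTE(jaosorior): A TLS host triggers setting up the keystone endpoint
    # with the https protocol and the required port in keystone.initialize.
    keystone_tls_host = overcloud_ip_or_fqdn if tls_enabled else None

    keystone_client = clients.get_keystone_client(
        'admin',
        utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
        'admin',
        overcloud_endpoint)

    services = {}
    for service, data in six.iteritems(constants.SERVICE_LIST):
        try:
            keystone_client.services.find(name=service)
        except kscexc.NotFound:
            service_data = self._set_service_data(service, data, stack)
            if service_data:
                services[service] = service_data

    if services:
        # This was deprecated in Newton.  The deprecation message and
        # os-cloud-config keystone init should remain until at least the
        # Pike release to ensure users have a chance to update their
        # templates, including ones for the previous release.
        self.log.warning('DEPRECATED: '
                         'It appears Keystone was not initialized by '
                         'Puppet. Will do initialization via '
                         'os-cloud-config, but this behavior is '
                         'deprecated. Please update your templates to a '
                         'version that has Puppet initialization of '
                         'Keystone.'
                         )

        # NOTE(jaosorior): These ports will be None if the templates
        # don't support the EndpointMap as an output yet. And so the
        # default values will be taken.
        # A map that lacks one of the Keystone entries is handled the same
        # way instead of failing with AttributeError on None.
        endpoint_map = utils.get_endpoint_map(stack) or {}
        public_port = (endpoint_map.get('KeystonePublic') or {}).get('port')
        admin_port = (endpoint_map.get('KeystoneAdmin') or {}).get('port')
        internal_port = (
            endpoint_map.get('KeystoneInternal') or {}).get('port')

        # The admin token and password are passed by value; never log them.
        keystone.initialize(
            keystone_admin_ip,
            utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
            '*****@*****.**',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            ssl=keystone_tls_host,
            public=overcloud_ip_or_fqdn,
            user=parsed_args.overcloud_ssh_user,
            admin=keystone_admin_ip,
            internal=keystone_internal_ip,
            public_port=public_port,
            admin_port=admin_port,
            internal_port=internal_port)

        if not tls_enabled:
            # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
            # os_cloud_config.SERVICES dictionary
            # This edits the module-level mapping in place.
            for data in keystone.SERVICES.values():
                data.pop('ssl_port', None)

        keystone.setup_endpoints(
            services,
            client=keystone_client,
            os_auth_url=overcloud_endpoint,
            public_host=overcloud_ip_or_fqdn)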
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
                   parsed_args, service_ips):
    """Initialize Keystone through os-cloud-config when it is not set up yet.

    A missing ``nova`` user is taken as the sign that Keystone was not
    initialized; only then are ``keystone.initialize`` and
    ``keystone.setup_endpoints`` run.

    :param overcloud_endpoint: overcloud URL used to authenticate the client
    :param overcloud_ip_or_fqdn: public host; also the fallback for a
        missing admin or internal VIP
    :param parsed_args: parsed CLI arguments; ``overcloud_ssh_user`` is read
    :param service_ips: mapping of ``<Service>Vip`` names to addresses
    """
    # NOTE(review): this listing lost its indentation; the nesting under the
    # ``except`` branch is reconstructed -- check against upstream.
    admin_vip = service_ips.get('KeystoneAdminVip')
    internal_vip_for_keystone = service_ips.get('KeystoneInternalVip')
    tls_enabled = self._is_tls_enabled(overcloud_endpoint)

    keystone_admin_ip = admin_vip or overcloud_ip_or_fqdn
    keystone_internal_ip = internal_vip_for_keystone or overcloud_ip_or_fqdn

    # NOTE(jaosorior): A TLS host triggers setting up the keystone endpoint
    # with the https protocol and the required port in keystone.initialize.
    keystone_tls_host = overcloud_ip_or_fqdn if tls_enabled else None

    keystone_client = clients.get_keystone_client(
        'admin',
        utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
        'admin',
        overcloud_endpoint)

    try:
        # NOTE(bnemec): This assumes Nova will always be deployed, which
        # in the future may not be true. However, hopefully by that time
        # we'll be able to just remove os-cloud-config-based Keystone
        # init anyway.
        keystone_client.users.find(name='nova')
    except kscexc.NotFound:
        # The admin token and password are passed by value; never log them.
        keystone.initialize(
            keystone_admin_ip,
            utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
            '*****@*****.**',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            ssl=keystone_tls_host,
            public=overcloud_ip_or_fqdn,
            user=parsed_args.overcloud_ssh_user,
            admin=keystone_admin_ip,
            internal=keystone_internal_ip)

        if not tls_enabled:
            # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
            # os_cloud_config.SERVICES dictionary
            # This edits the module-level mapping in place.
            for _name, service_info in keystone.SERVICES.items():
                service_info.pop('ssl_port', None)

        services = {}
        for service, data in six.iteritems(constants.SERVICE_LIST):
            entry = data.copy()
            entry.pop('password_field', None)
            password_field = data.get('password_field')
            if password_field:
                entry['password'] = utils.get_password(password_field)

            # Strip any "v<digits>" run before building the VIP lookup key.
            vip_key = re.sub('v[0-9]+', '',
                             service.capitalize() + 'InternalVip')
            internal_vip = service_ips.get(vip_key)
            if internal_vip:
                entry['internal_host'] = internal_vip
            services[service] = entry

        keystone.setup_endpoints(
            services,
            client=keystone_client,
            os_auth_url=overcloud_endpoint,
            public_host=overcloud_ip_or_fqdn)
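def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
                   parsed_args, stack):
    """Initialize Keystone through os-cloud-config for services it lacks.

    Every entry of ``constants.SERVICE_LIST`` is looked up in Keystone; the
    ones that are not found are collected, and only when that collection is
    non-empty are ``keystone.initialize`` and ``keystone.setup_endpoints``
    run (with a deprecation warning).

    :param overcloud_endpoint: overcloud URL used to authenticate the client
    :param overcloud_ip_or_fqdn: public host of the overcloud
    :param parsed_args: parsed CLI arguments; ``overcloud_ssh_user`` is read
    :param stack: deployed stack; its ``stack_name`` keys the password lookup
    """
    # NOTE(review): this listing lost its indentation; the nesting under
    # ``if services:`` is reconstructed -- check against upstream.
    keystone_admin_ip = utils.unbracket_ipv6(
        utils.get_endpoint('KeystoneAdmin', stack))
    keystone_internal_ip = utils.unbracket_ipv6(
        utils.get_endpoint('KeystoneInternal', stack))
    tls_enabled = self._is_tls_enabled(overcloud_endpoint)

    # NOTE(jaosorior): A TLS host triggers setting up the keystone endpoint
    # with the https protocol and the required port in keystone.initialize.
    keystone_tls_host = overcloud_ip_or_fqdn if tls_enabled else None

    keystone_client = occ_clients.get_keystone_client(
        'admin',
        utils.get_password(self.app.client_manager,
                           stack.stack_name,
                           'AdminPassword'),
        'admin',
        overcloud_endpoint)

    services = {}
    for service, data in six.iteritems(constants.SERVICE_LIST):
        try:
            keystone_client.services.find(name=service)
        except kscexc.NotFound:
            service_data = self._set_service_data(service, data, stack)
            if service_data:
                services[service] = service_data

    if services:
        # This was deprecated in Newton.  The deprecation message and
        # os-cloud-config keystone init should remain until at least the
        # Pike release to ensure users have a chance to update their
        # templates, including ones for the previous release.
        self.log.warning('DEPRECATED: '
                         'It appears Keystone was not initialized by '
                         'Puppet. Will do initialization via '
                         'os-cloud-config, but this behavior is '
                         'deprecated. Please update your templates to a '
                         'version that has Puppet initialization of '
                         'Keystone.'
                         )

        # NOTE(jaosorior): These ports will be None if the templates
        # don't support the EndpointMap as an output yet. And so the
        # default values will be taken.
        # A map that lacks one of the Keystone entries is handled the same
        # way instead of failing with AttributeError on None.
        endpoint_map = utils.get_endpoint_map(stack) or {}
        public_port = (endpoint_map.get('KeystonePublic') or {}).get('port')
        admin_port = (endpoint_map.get('KeystoneAdmin') or {}).get('port')
        internal_port = (
            endpoint_map.get('KeystoneInternal') or {}).get('port')

        # TODO(rbrady): check usages of get_password
        # The admin token and password are passed by value; never log them.
        keystone.initialize(
            keystone_admin_ip,
            utils.get_password(self.app.client_manager,
                               stack.stack_name,
                               'AdminToken'),
            '*****@*****.**',
            utils.get_password(self.app.client_manager,
                               stack.stack_name,
                               'AdminPassword'),
            ssl=keystone_tls_host,
            public=overcloud_ip_or_fqdn,
            user=parsed_args.overcloud_ssh_user,
            admin=keystone_admin_ip,
            internal=keystone_internal_ip,
            public_port=public_port,
            admin_port=admin_port,
            internal_port=internal_port)

        if not tls_enabled:
            # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
            # os_cloud_config.SERVICES dictionary
            # This edits the module-level mapping in place.
            for data in keystone.SERVICES.values():
                data.pop('ssl_port', None)

        keystone.setup_endpoints(
            services,
            client=keystone_client,
            os_auth_url=overcloud_endpoint,
            public_host=overcloud_ip_or_fqdn)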
def main():
    """Command-line entry point: parse arguments and run initialize().

    The admin token and admin password are handed to ``initialize`` as plain
    positional values, so nothing in this function should ever log them.
    """
    # NOTE(review): if parse_args() reads the token/password from argv they
    # are visible in the process list -- confirm how they are supplied.
    args = parse_args()
    initialize(
        args.host,
        args.admin_token,
        args.admin_email,
        args.admin_password,
        args.region,
        args.ssl,
        args.public,
        args.user,
    )
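def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
                   parsed_args, stack):
    """Initialize Keystone through os-cloud-config when it is not set up yet.

    A missing ``nova`` user is taken as the sign that Keystone was not
    initialized; only then are ``keystone.initialize`` and
    ``keystone.setup_endpoints`` run.

    :param overcloud_endpoint: overcloud URL used to authenticate the client
    :param overcloud_ip_or_fqdn: public host of the overcloud
    :param parsed_args: parsed CLI arguments; ``overcloud_ssh_user`` is read
    :param stack: deployed stack, used for endpoint and endpoint-map lookups
    """
    # NOTE(review): this listing lost its indentation; the nesting under the
    # ``except`` branch is reconstructed -- check against upstream.
    keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
    keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack)
    tls_enabled = self._is_tls_enabled(overcloud_endpoint)

    # NOTE(jaosorior): A TLS host triggers setting up the keystone endpoint
    # with the https protocol and the required port in keystone.initialize.
    keystone_tls_host = overcloud_ip_or_fqdn if tls_enabled else None

    keystone_client = clients.get_keystone_client(
        'admin',
        utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
        'admin',
        overcloud_endpoint)

    try:
        # NOTE(bnemec): This assumes Nova will always be deployed, which
        # in the future may not be true. However, hopefully by that time
        # we'll be able to just remove os-cloud-config-based Keystone
        # init anyway.
        keystone_client.users.find(name='nova')
    except kscexc.NotFound:
        # NOTE(jaosorior): These ports will be None if the templates
        # don't support the EndpointMap as an output yet. And so the
        # default values will be taken.
        # A map that lacks one of the Keystone entries is handled the same
        # way instead of failing with AttributeError on None.
        endpoint_map = utils.get_endpoint_map(stack) or {}
        public_port = (endpoint_map.get('KeystonePublic') or {}).get('port')
        admin_port = (endpoint_map.get('KeystoneAdmin') or {}).get('port')
        internal_port = (
            endpoint_map.get('KeystoneInternal') or {}).get('port')

        # The admin token and password are passed by value; never log them.
        keystone.initialize(
            keystone_admin_ip,
            utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
            '*****@*****.**',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            ssl=keystone_tls_host,
            public=overcloud_ip_or_fqdn,
            user=parsed_args.overcloud_ssh_user,
            admin=keystone_admin_ip,
            internal=keystone_internal_ip,
            public_port=public_port,
            admin_port=admin_port,
            internal_port=internal_port)

        if not tls_enabled:
            # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
            # os_cloud_config.SERVICES dictionary
            # This edits the module-level mapping in place.
            for data in keystone.SERVICES.values():
                data.pop('ssl_port', None)

        services = {}
        for service, data in six.iteritems(constants.SERVICE_LIST):
            service_data = self._set_service_data(service, data, stack)
            if service_data:
                services[service] = service_data

        keystone.setup_endpoints(
            services,
            client=keystone_client,
            os_auth_url=overcloud_endpoint,
            public_host=overcloud_ip_or_fqdn)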
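def _deploy_postconfig(self, stack, parsed_args):
    """Run the post-deployment configuration of the overcloud.

    In order: add the overcloud host to ``no_proxy``, call
    ``utils.remove_known_hosts`` for it, initialize Keystone and register
    the service endpoints.

    :param stack: deployed stack, used to look up the endpoint and service IPs
    :param parsed_args: parsed CLI arguments; ``overcloud_ssh_user`` is read
    """
    # Lazy %-args: the message is formatted only when debug logging is on.
    self.log.debug("_deploy_postconfig(%s)", parsed_args)

    overcloud_endpoint = utils.get_overcloud_endpoint(stack)
    # NOTE(jaosorior): The overcloud endpoint can contain an IP address or
    # an FQDN depending on how it is configured to output in the
    # tripleo-heat-templates. Such a configuration can be done by
    # overriding the EndpointMap through parameter_defaults.
    overcloud_ip_or_fqdn = six.moves.urllib.parse.urlparse(
        overcloud_endpoint).hostname

    # Requests to the overcloud must bypass any configured proxy; this
    # changes the environment of the running process.
    no_proxy = [os.environ.get('no_proxy'), overcloud_ip_or_fqdn]
    os.environ['no_proxy'] = ','.join(
        [x for x in no_proxy if x is not None])

    service_ips = utils.get_service_ips(stack)

    # NOTE(review): presumably drops the host's known_hosts entry so that a
    # redeployed node's new key is accepted; it also means a changed key
    # goes unnoticed on the next SSH connection -- confirm this only runs
    # right after a deploy.
    utils.remove_known_hosts(overcloud_ip_or_fqdn)

    admin_vip = service_ips.get('KeystoneAdminVip')
    internal_keystone_vip = service_ips.get('KeystoneInternalVip')
    tls_enabled = self._is_tls_enabled(overcloud_endpoint)

    # A missing VIP falls back to the public host.
    keystone_admin_ip = admin_vip or overcloud_ip_or_fqdn
    keystone_internal_ip = internal_keystone_vip or overcloud_ip_or_fqdn

    # NOTE(jaosorior): A TLS host triggers setting up the keystone endpoint
    # with the https protocol and the required port in keystone.initialize.
    keystone_tls_host = overcloud_ip_or_fqdn if tls_enabled else None

    # The admin token and password are passed by value; never log them.
    keystone.initialize(
        keystone_admin_ip,
        utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
        '*****@*****.**',
        utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
        ssl=keystone_tls_host,
        public=overcloud_ip_or_fqdn,
        user=parsed_args.overcloud_ssh_user,
        admin=keystone_admin_ip,
        internal=keystone_internal_ip)

    if not tls_enabled:
        # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
        # os_cloud_config.SERVICES dictionary
        # This edits the module-level mapping in place. six.itervalues()
        # replaces the Python 2-only .iteritems() and matches the six usage
        # below.
        for data in six.itervalues(keystone.SERVICES):
            data.pop('ssl_port', None)

    services = {}
    for service, data in six.iteritems(constants.SERVICE_LIST):
        service_data = data.copy()
        service_data.pop('password_field', None)
        password_field = data.get('password_field')
        if password_field:
            service_data['password'] = utils.get_password(password_field)

        # Strip any "v<digits>" run before building the VIP lookup key.
        service_name = re.sub('v[0-9]+', '',
                              service.capitalize() + 'InternalVip')
        internal_vip = service_ips.get(service_name)
        if internal_vip:
            service_data['internal_host'] = internal_vip
        services[service] = service_data

    keystone_client = clients.get_keystone_client(
        'admin',
        utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
        'admin',
        overcloud_endpoint)
    keystone.setup_endpoints(
        services,
        client=keystone_client,
        os_auth_url=overcloud_endpoint,
        public_host=overcloud_ip_or_fqdn)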
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
                   parsed_args, service_ips):
    """Initialize Keystone through os-cloud-config when it is not set up yet.

    A missing ``nova`` user is taken as the sign that Keystone was not
    initialized; only then are ``keystone.initialize`` and
    ``keystone.setup_endpoints`` run.

    :param overcloud_endpoint: overcloud URL used to authenticate the client
    :param overcloud_ip_or_fqdn: public host; also the fallback for a
        missing admin or internal VIP
    :param parsed_args: parsed CLI arguments; ``overcloud_ssh_user`` is read
    :param service_ips: mapping of ``<Service>Vip`` names to addresses
    """
    # NOTE(review): this listing lost its indentation; the nesting under the
    # ``except`` branch is reconstructed -- check against upstream.
    admin_vip = service_ips.get('KeystoneAdminVip')
    internal_vip_for_keystone = service_ips.get('KeystoneInternalVip')
    tls_enabled = self._is_tls_enabled(overcloud_endpoint)

    keystone_admin_ip = admin_vip or overcloud_ip_or_fqdn
    keystone_internal_ip = internal_vip_for_keystone or overcloud_ip_or_fqdn

    # NOTE(jaosorior): A TLS host triggers setting up the keystone endpoint
    # with the https protocol and the required port in keystone.initialize.
    keystone_tls_host = overcloud_ip_or_fqdn if tls_enabled else None

    keystone_client = clients.get_keystone_client(
        'admin',
        utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
        'admin',
        overcloud_endpoint)

    try:
        # NOTE(bnemec): This assumes Nova will always be deployed, which
        # in the future may not be true. However, hopefully by that time
        # we'll be able to just remove os-cloud-config-based Keystone
        # init anyway.
        keystone_client.users.find(name='nova')
    except kscexc.NotFound:
        # The admin token and password are passed by value; never log them.
        keystone.initialize(
            keystone_admin_ip,
            utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
            '*****@*****.**',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            ssl=keystone_tls_host,
            public=overcloud_ip_or_fqdn,
            user=parsed_args.overcloud_ssh_user,
            admin=keystone_admin_ip,
            internal=keystone_internal_ip)

        if not tls_enabled:
            # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
            # os_cloud_config.SERVICES dictionary
            # This edits the module-level mapping in place.
            for _name, service_info in keystone.SERVICES.items():
                service_info.pop('ssl_port', None)

        services = {}
        for service, data in six.iteritems(constants.SERVICE_LIST):
            entry = data.copy()
            entry.pop('password_field', None)
            password_field = data.get('password_field')
            if password_field:
                entry['password'] = utils.get_password(password_field)

            # Strip any "v<digits>" run before building the VIP lookup key.
            vip_key = re.sub('v[0-9]+', '',
                             service.capitalize() + 'InternalVip')
            internal_vip = service_ips.get(vip_key)
            if internal_vip:
                entry['internal_host'] = internal_vip
            services[service] = entry

        keystone.setup_endpoints(
            services,
            client=keystone_client,
            os_auth_url=overcloud_endpoint,
            public_host=overcloud_ip_or_fqdn)
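def _deploy_postconfig(self, stack, parsed_args):
    """Run the post-deployment configuration of the overcloud.

    In order: add the overcloud host to ``no_proxy``, call
    ``utils.remove_known_hosts`` for it, initialize Keystone and register
    the service endpoints.

    :param stack: deployed stack, used to look up the endpoint and service IPs
    :param parsed_args: parsed CLI arguments; ``overcloud_ssh_user`` is read
    """
    # Lazy %-args: the message is formatted only when debug logging is on.
    self.log.debug("_deploy_postconfig(%s)", parsed_args)

    overcloud_endpoint = utils.get_overcloud_endpoint(stack)
    # NOTE(jaosorior): The overcloud endpoint can contain an IP address or
    # an FQDN depending on how it is configured to output in the
    # tripleo-heat-templates. Such a configuration can be done by
    # overriding the EndpointMap through parameter_defaults.
    overcloud_ip_or_fqdn = six.moves.urllib.parse.urlparse(
        overcloud_endpoint).hostname

    # Requests to the overcloud must bypass any configured proxy; this
    # changes the environment of the running process.
    no_proxy = [os.environ.get('no_proxy'), overcloud_ip_or_fqdn]
    os.environ['no_proxy'] = ','.join(
        [x for x in no_proxy if x is not None])

    service_ips = utils.get_service_ips(stack)

    # NOTE(review): presumably drops the host's known_hosts entry so that a
    # redeployed node's new key is accepted; it also means a changed key
    # goes unnoticed on the next SSH connection -- confirm this only runs
    # right after a deploy.
    utils.remove_known_hosts(overcloud_ip_or_fqdn)

    admin_vip = service_ips.get('KeystoneAdminVip')
    internal_keystone_vip = service_ips.get('KeystoneInternalVip')
    tls_enabled = self._is_tls_enabled(overcloud_endpoint)

    # A missing VIP falls back to the public host.
    keystone_admin_ip = admin_vip or overcloud_ip_or_fqdn
    keystone_internal_ip = internal_keystone_vip or overcloud_ip_or_fqdn

    # NOTE(jaosorior): A TLS host triggers setting up the keystone endpoint
    # with the https protocol and the required port in keystone.initialize.
    keystone_tls_host = overcloud_ip_or_fqdn if tls_enabled else None

    # The admin token and password are passed by value; never log them.
    keystone.initialize(
        keystone_admin_ip,
        utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
        '*****@*****.**',
        utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
        ssl=keystone_tls_host,
        public=overcloud_ip_or_fqdn,
        user=parsed_args.overcloud_ssh_user,
        admin=keystone_admin_ip,
        internal=keystone_internal_ip)

    if not tls_enabled:
        # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
        # os_cloud_config.SERVICES dictionary
        # This edits the module-level mapping in place. six.itervalues()
        # replaces the Python 2-only .iteritems() and matches the six usage
        # below.
        for data in six.itervalues(keystone.SERVICES):
            data.pop('ssl_port', None)

    services = {}
    for service, data in six.iteritems(constants.SERVICE_LIST):
        service_data = data.copy()
        service_data.pop('password_field', None)
        password_field = data.get('password_field')
        if password_field:
            service_data['password'] = utils.get_password(password_field)

        # Strip any "v<digits>" run before building the VIP lookup key.
        service_name = re.sub('v[0-9]+', '',
                              service.capitalize() + 'InternalVip')
        internal_vip = service_ips.get(service_name)
        if internal_vip:
            service_data['internal_host'] = internal_vip
        services[service] = service_data

    keystone_client = clients.get_keystone_client(
        'admin',
        utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
        'admin',
        overcloud_endpoint)
    keystone.setup_endpoints(
        services,
        client=keystone_client,
        os_auth_url=overcloud_endpoint,
        public_host=overcloud_ip_or_fqdn)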
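def _deploy_postconfig(self, stack, parsed_args):
    """Run the post-deployment configuration of the overcloud.

    In order: add the overcloud host to ``no_proxy``, call
    ``utils.remove_known_hosts`` for it, initialize Keystone, register the
    service endpoints and create the ``m1.demo`` flavor.

    :param stack: deployed stack, used to look up the endpoint and service IPs
    :param parsed_args: parsed command-line arguments (only logged here)
    """
    # Lazy %-args: the message is formatted only when debug logging is on.
    self.log.debug("_deploy_postconfig(%s)", parsed_args)

    passwords = self.passwords

    overcloud_endpoint = self._get_overcloud_endpoint(stack)
    overcloud_ip = six.moves.urllib.parse.urlparse(
        overcloud_endpoint).hostname

    # Requests to the overcloud must bypass any configured proxy; this
    # changes the environment of the running process.
    no_proxy = [os.environ.get('no_proxy'), overcloud_ip]
    os.environ['no_proxy'] = ','.join(
        [x for x in no_proxy if x is not None])

    service_ips = self._get_service_ips(stack)

    # NOTE(review): presumably drops the host's known_hosts entry so that a
    # redeployed node's new key is accepted; it also means a changed key
    # goes unnoticed on the next SSH connection -- confirm this only runs
    # right after a deploy.
    utils.remove_known_hosts(overcloud_ip)

    keystone_ip = service_ips.get('KeystoneInternalVip') or overcloud_ip

    # The admin token and password are passed by value; never log them.
    # NOTE(review): the '******' user looks like a value masked by this
    # listing rather than a real login name.
    keystone.initialize(
        keystone_ip,
        passwords['OVERCLOUD_ADMIN_TOKEN'],
        '*****@*****.**',
        passwords['OVERCLOUD_ADMIN_PASSWORD'],
        public=overcloud_ip,
        user='******')

    # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
    # os_cloud_config.SERVICES dictionary
    # This edits the module-level mapping in place. six.itervalues() replaces
    # the Python 2-only .iteritems() and matches the six usage below.
    for data in six.itervalues(keystone.SERVICES):
        data.pop('ssl_port', None)

    services = {}
    for service, data in six.iteritems(utils.SERVICE_LIST):
        service_data = data.copy()
        service_data.pop('password_field', None)
        password_field = data.get('password_field')
        if password_field:
            service_data['password'] = passwords[password_field]

        # Strip any "v<digits>" run before building the VIP lookup key.
        service_name = re.sub('v[0-9]+', '',
                              service.capitalize() + 'InternalVip')
        internal_vip = service_ips.get(service_name)
        if internal_vip:
            service_data['internal_host'] = internal_vip
        services[service] = service_data

    keystone_client = clients.get_keystone_client(
        'admin',
        passwords['OVERCLOUD_ADMIN_PASSWORD'],
        'admin',
        overcloud_endpoint)
    keystone.setup_endpoints(
        services,
        client=keystone_client,
        os_auth_url=overcloud_endpoint,
        public_host=overcloud_ip)

    compute_client = clients.get_nova_bm_client(
        'admin',
        passwords['OVERCLOUD_ADMIN_PASSWORD'],
        'admin',
        overcloud_endpoint)
    compute_client.flavors.create('m1.demo', 512, 1, 10, 'auto')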
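def _deploy_postconfig(self, stack, parsed_args):
    """Run the post-deployment configuration of the overcloud.

    In order: add the overcloud host to ``no_proxy``, call
    ``utils.remove_known_hosts`` for it, initialize Keystone, register the
    service endpoints (deprecated path) and create the ``m1.demo`` flavor.

    :param stack: deployed stack, used to look up the endpoint and service IPs
    :param parsed_args: parsed CLI arguments; ``overcloud_ssh_user`` is read
    """
    # Lazy %-args: the message is formatted only when debug logging is on.
    self.log.debug("_deploy_postconfig(%s)", parsed_args)

    overcloud_endpoint = utils.get_overcloud_endpoint(stack)
    overcloud_ip = six.moves.urllib.parse.urlparse(
        overcloud_endpoint).hostname

    # Requests to the overcloud must bypass any configured proxy; this
    # changes the environment of the running process.
    no_proxy = [os.environ.get('no_proxy'), overcloud_ip]
    os.environ['no_proxy'] = ','.join(
        [x for x in no_proxy if x is not None])

    service_ips = utils.get_service_ips(stack)

    # NOTE(review): presumably drops the host's known_hosts entry so that a
    # redeployed node's new key is accepted; it also means a changed key
    # goes unnoticed on the next SSH connection -- confirm this only runs
    # right after a deploy.
    utils.remove_known_hosts(overcloud_ip)

    keystone_ip = service_ips.get('KeystoneAdminVip') or overcloud_ip

    # Note (spredzy): This was deprecated at the beginning of
    # the Mitaka cycle. Should be good to remove for the
    # next N cycle.
    # The admin token and password are passed by value; never log them.
    keystone.initialize(
        keystone_ip,
        utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
        '*****@*****.**',
        utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
        public=overcloud_ip,
        user=parsed_args.overcloud_ssh_user)

    # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
    # os_cloud_config.SERVICES dictionary
    # This edits the module-level mapping in place. six.itervalues() replaces
    # the Python 2-only .iteritems() and matches the six usage below.
    for data in six.itervalues(keystone.SERVICES):
        data.pop('ssl_port', None)

    services = {}
    for service, data in six.iteritems(constants.SERVICE_LIST):
        service_data = data.copy()
        service_data.pop('password_field', None)
        password_field = data.get('password_field')
        if password_field:
            service_data['password'] = utils.get_password(password_field)

        # Strip any "v<digits>" run before building the VIP lookup key.
        service_name = re.sub('v[0-9]+', '',
                              service.capitalize() + 'InternalVip')
        internal_vip = service_ips.get(service_name)
        if internal_vip:
            service_data['internal_host'] = internal_vip
        services[service] = service_data

    # Note (spredzy): This was deprecated at the beginning of
    # the Mitaka cycle. Should be good to remove for the
    # next N cycle.
    try:
        keystone_client = clients.get_keystone_client(
            'admin',
            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
            'admin',
            overcloud_endpoint)
        keystone.setup_endpoints(
            services,
            client=keystone_client,
            os_auth_url=overcloud_endpoint,
            public_host=overcloud_ip)
    except kscexc.Conflict:
        # Deliberate best effort: a Conflict is ignored here.
        # NOTE(review): presumably it means the endpoints already exist.
        pass
    else:
        # Only reached when os-cloud-config really did the setup.
        self.log.warning("Setting up keystone endpoints via "
                         "os-cloud-config. This behavior is "
                         "deprecated and will be removed in "
                         "a future release. Please update "
                         "your heat templates to a version "
                         "that does Keystone initialization "
                         "via Puppet.")

    compute_client = clients.get_nova_bm_client(
        'admin',
        utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
        'admin',
        overcloud_endpoint)
    compute_client.flavors.create('m1.demo', 512, 1, 10, 'auto')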