def handle(self, request, data):
try:
plan = api.tuskar.Plan.get_the_plan(request)
controller_role = plan.get_role_by_name("controller")
stack = api.heat.Stack.get_by_plan(self.request, plan)
admin_token = plan.parameter_value(
controller_role.parameter_prefix + 'AdminToken')
admin_password = plan.parameter_value(
controller_role.parameter_prefix + 'AdminPassword')
admin_email = data['admin_email']
auth_ip = stack.keystone_ip
auth_url = stack.keystone_auth_url
auth_tenant = 'admin'
auth_user = '******'
# do the keystone init
keystone_config.initialize(auth_ip,
admin_token,
admin_email,
admin_password,
region='regionOne',
ssl=None,
public=None,
user='******',
pki_setup=False)
# retrieve needed Overcloud clients
keystone_client = clients.get_keystone_client(
auth_user, admin_password, auth_tenant, auth_url)
neutron_client = clients.get_neutron_client(
auth_user, admin_password, auth_tenant, auth_url)
# do the setup endpoints
keystone_config.setup_endpoints(self.build_endpoints(
plan, controller_role),
public_host=data['public_host'],
region=data['region'],
os_auth_url=auth_url,
client=keystone_client)
# do the neutron init
try:
neutron_config.initialize_neutron(
self.build_neutron_setup(data),
neutron_client=neutron_client,
keystone_client=keystone_client)
except neutron_exceptions.BadRequest as e:
LOG.info('Neutron has been already initialized.')
LOG.info(e.message)
except Exception as e:
LOG.exception(e)
horizon.exceptions.handle(request,
_("Unable to initialize Overcloud."))
return False
else:
msg = _('Overcloud has been initialized.')
horizon.messages.success(request, msg)
return True
def _deploy_postconfig(self, stack, parsed_args):
self.log.debug("_deploy_postconfig(%s)" % parsed_args)
passwords = self.passwords
overcloud_endpoint = self._get_overcloud_endpoint(stack)
overcloud_ip = six.moves.urllib.parse.urlparse(
overcloud_endpoint).hostname
no_proxy = [os.environ.get('no_proxy'), overcloud_ip]
os.environ['no_proxy'] = ','.join(
[x for x in no_proxy if x is not None])
service_ips = self._get_service_ips(stack)
utils.remove_known_hosts(overcloud_ip)
keystone_ip = service_ips.get('KeystoneInternalVip')
if not keystone_ip:
keystone_ip = overcloud_ip
keystone.initialize(keystone_ip,
passwords['OVERCLOUD_ADMIN_TOKEN'],
'*****@*****.**',
passwords['OVERCLOUD_ADMIN_PASSWORD'],
public=overcloud_ip,
user='******')
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.iteritems():
data.pop('ssl_port', None)
services = {}
for service, data in six.iteritems(utils.SERVICE_LIST):
service_data = data.copy()
service_data.pop('password_field', None)
password_field = data.get('password_field')
if password_field:
service_data['password'] = passwords[password_field]
service_name = re.sub('v[0-9]+', '',
service.capitalize() + 'InternalVip')
internal_vip = service_ips.get(service_name)
if internal_vip:
service_data['internal_host'] = internal_vip
services.update({service: service_data})
keystone_client = clients.get_keystone_client(
'admin', passwords['OVERCLOUD_ADMIN_PASSWORD'], 'admin',
overcloud_endpoint)
keystone.setup_endpoints(services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip)
compute_client = clients.get_nova_bm_client(
'admin', passwords['OVERCLOUD_ADMIN_PASSWORD'], 'admin',
overcloud_endpoint)
compute_client.flavors.create('m1.demo', 512, 1, 10, 'auto')
def handle(self, request, data):
try:
plan = api.tuskar.Plan.get_the_plan(request)
controller_role = plan.get_role_by_name("Controller")
stack = api.heat.Stack.get_by_plan(self.request, plan)
admin_token = plan.parameter_value(
controller_role.parameter_prefix + 'AdminToken')
admin_password = plan.parameter_value(
controller_role.parameter_prefix + 'AdminPassword')
admin_email = data['admin_email']
auth_ip = stack.keystone_ip
auth_url = stack.keystone_auth_url
auth_tenant = 'admin'
auth_user = '******'
# do the keystone init
keystone_config.initialize(
auth_ip, admin_token, admin_email, admin_password,
region='regionOne', ssl=None, public=None, user='******',
pki_setup=False)
# retrieve needed Overcloud clients
keystone_client = clients.get_keystone_client(
auth_user, admin_password, auth_tenant, auth_url)
neutron_client = clients.get_neutron_client(
auth_user, admin_password, auth_tenant, auth_url)
# do the setup endpoints
keystone_config.setup_endpoints(
self.build_endpoints(plan, controller_role),
public_host=data['public_host'],
region=data['region'],
os_auth_url=auth_url,
client=keystone_client)
# do the neutron init
try:
neutron_config.initialize_neutron(
self.build_neutron_setup(data),
neutron_client=neutron_client,
keystone_client=keystone_client)
except neutron_exceptions.BadRequest as e:
LOG.info('Neutron has been already initialized.')
LOG.info(e.message)
except Exception as e:
LOG.exception(e)
horizon.exceptions.handle(request,
_("Unable to initialize Overcloud."))
return False
else:
msg = _('Overcloud has been initialized.')
horizon.messages.success(request, msg)
return True
def test_setup_endpoints_ipv6(self):
self.client = mock.MagicMock()
self.client.users.find.side_effect = ksclient_v2.exceptions.NotFound()
self.client.services.findall.return_value = []
self.client.endpoints.findall.return_value = []
keystone.setup_endpoints(
{
'nova': {
'password': '******',
'type': 'compute',
'ssl_port': 1234
}
},
public_host='2001:db8:fd00:1000:f816:3eff:fec2:8e7c',
region='region',
client=self.client,
os_auth_url='https://[2001:db8:fd00:1000:f816:3eff:fec2:8e7c]')
self.client.users.find.assert_called_once_with(name='nova')
self.client.tenants.find.assert_called_once_with(name='service')
self.client.roles.find.assert_called_once_with(name='admin')
self.client.services.findall.assert_called_once_with(type='compute')
self.client.endpoints.findall.assert_called_once_with(
publicurl='https://[2001:db8:fd00:1000:f816:3eff:fec2:8e7c]'
':1234/v2.1/$(tenant_id)s')
self.client.users.create.assert_called_once_with(
'nova',
'pass',
tenant_id=self.client.tenants.find.return_value.id,
email='[email protected]')
self.client.roles.add_user_role.assert_called_once_with(
self.client.users.create.return_value,
self.client.roles.find.return_value,
self.client.tenants.find.return_value)
self.client.services.create.assert_called_once_with(
'nova', 'compute', description='Nova Compute Service')
ipv6_addr = '2001:db8:fd00:1000:f816:3eff:fec2:8e7c'
self.client.endpoints.create.assert_called_once_with(
'region', self.client.services.create.return_value.id,
'https://[%s]:1234/v2.1/$(tenant_id)s' % ipv6_addr,
'http://[%s]:8774/v2.1/$(tenant_id)s' % ipv6_addr,
'http://[%s]:8774/v2.1/$(tenant_id)s' % ipv6_addr)
def main(stdout=None):
args = parse_args()
environment._configure_logging(args)
if os.path.isfile(args.services):
with open(args.services, 'r') as service_file:
services = simplejson.load(service_file)
else:
# we assume it's just JSON string
services = simplejson.loads(args.services)
client = _clients.get_keystone_client()
keystone.setup_endpoints(services,
public_host=args.public_host,
region=args.region,
os_auth_url=os.environ["OS_AUTH_URL"],
client=client)
def main(stdout=None):
args = parse_args()
environment._configure_logging(args)
if os.path.isfile(args.services):
with open(args.services, 'r') as service_file:
services = simplejson.load(service_file)
else:
# we assume it's just JSON string
services = simplejson.loads(args.services)
client = _clients.get_keystone_client()
keystone.setup_endpoints(
services,
public_host=args.public_host,
region=args.region,
os_auth_url=os.environ["OS_AUTH_URL"],
client=client)
def main(stdout=None):
args = parse_args()
sys.stderr.write(args.services)
if os.path.isfile(args.services):
with open(args.services, 'r') as service_file:
services = simplejson.load(service_file)
else:
# we assume it's just JSON string
services = simplejson.loads(args.services)
keystone.setup_endpoints(
services,
public_host=args.public_host,
region=args.region,
os_username=os.environ["OS_USERNAME"],
os_password=os.environ["OS_PASSWORD"],
os_tenant_name=os.environ["OS_TENANT_NAME"],
os_auth_url=os.environ["OS_AUTH_URL"])
def test_setup_endpoints_ipv6(self):
self.client = mock.MagicMock()
self.client.users.find.side_effect = ksclient_v2.exceptions.NotFound()
self.client.services.findall.return_value = []
self.client.endpoints.findall.return_value = []
keystone.setup_endpoints(
{'nova': {'password': '******', 'type': 'compute',
'ssl_port': 1234}},
public_host='2001:db8:fd00:1000:f816:3eff:fec2:8e7c',
region='region', client=self.client,
os_auth_url='https://[2001:db8:fd00:1000:f816:3eff:fec2:8e7c]')
self.client.users.find.assert_called_once_with(name='nova')
self.client.tenants.find.assert_called_once_with(name='service')
self.client.roles.find.assert_called_once_with(name='admin')
self.client.services.findall.assert_called_once_with(type='compute')
self.client.endpoints.findall.assert_called_once_with(
publicurl='https://[2001:db8:fd00:1000:f816:3eff:fec2:8e7c]'
':1234/v2.1/$(tenant_id)s')
self.client.users.create.assert_called_once_with(
'nova', 'pass',
tenant_id=self.client.tenants.find.return_value.id,
email='[email protected]')
self.client.roles.add_user_role.assert_called_once_with(
self.client.users.create.return_value,
self.client.roles.find.return_value,
self.client.tenants.find.return_value)
self.client.services.create.assert_called_once_with(
'nova', 'compute', description='Nova Compute Service')
ipv6_addr = '2001:db8:fd00:1000:f816:3eff:fec2:8e7c'
self.client.endpoints.create.assert_called_once_with(
'region',
self.client.services.create.return_value.id,
'https://[%s]:1234/v2.1/$(tenant_id)s' % ipv6_addr,
'http://[%s]:8774/v2.1/$(tenant_id)s' % ipv6_addr,
'http://[%s]:8774/v2.1/$(tenant_id)s' % ipv6_addr)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
parsed_args, stack):
keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
keystone_admin_ip = utils.unbracket_ipv6(keystone_admin_ip)
keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack)
keystone_internal_ip = utils.unbracket_ipv6(keystone_internal_ip)
tls_enabled = self._is_tls_enabled(overcloud_endpoint)
keystone_tls_host = None
if tls_enabled:
# NOTE(jaosorior): This triggers set up the keystone endpoint with
# the https protocol and the required port set in
# keystone.initialize.
keystone_tls_host = overcloud_ip_or_fqdn
keystone_client = occ_clients.get_keystone_client(
'admin',
utils.get_password(self.app.client_manager,
stack.stack_name,
'AdminPassword'),
'admin',
overcloud_endpoint)
services = {}
for service, data in six.iteritems(constants.SERVICE_LIST):
try:
keystone_client.services.find(name=service)
except kscexc.NotFound:
service_data = self._set_service_data(service, data, stack)
if service_data:
services.update({service: service_data})
if services:
# This was deprecated in Newton. The deprecation message and
# os-cloud-config keystone init should remain until at least the
# Pike release to ensure users have a chance to update their
# templates, including ones for the previous release.
self.log.warning('DEPRECATED: '
'It appears Keystone was not initialized by '
'Puppet. Will do initialization via '
'os-cloud-config, but this behavior is '
'deprecated. Please update your templates to a '
'version that has Puppet initialization of '
'Keystone.'
)
# NOTE(jaosorior): These ports will be None if the templates
# don't support the EndpointMap as an output yet. And so the
# default values will be taken.
public_port = None
admin_port = None
internal_port = None
endpoint_map = utils.get_endpoint_map(stack)
if endpoint_map:
public_port = endpoint_map.get('KeystonePublic').get('port')
admin_port = endpoint_map.get('KeystoneAdmin').get('port')
internal_port = endpoint_map.get(
'KeystoneInternal').get('port')
# TODO(rbrady): check usages of get_password
keystone.initialize(
keystone_admin_ip,
utils.get_password(self.app.client_manager,
stack.stack_name,
'AdminToken'),
'*****@*****.**',
utils.get_password(self.app.client_manager,
stack.stack_name,
'AdminPassword'),
ssl=keystone_tls_host,
public=overcloud_ip_or_fqdn,
user=parsed_args.overcloud_ssh_user,
admin=keystone_admin_ip,
internal=keystone_internal_ip,
public_port=public_port,
admin_port=admin_port,
internal_port=internal_port)
if not tls_enabled:
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.items():
data.pop('ssl_port', None)
keystone.setup_endpoints(
services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip_or_fqdn)
def _deploy_postconfig(self, stack, parsed_args):
self.log.debug("_deploy_postconfig(%s)" % parsed_args)
overcloud_endpoint = utils.get_overcloud_endpoint(stack)
# NOTE(jaosorior): The overcloud endpoint can contain an IP address or
# an FQDN depending on how what it's configured to output in the
# tripleo-heat-templates. Such a configuration can be done by
# overriding the EndpointMap through parameter_defaults.
overcloud_ip_or_fqdn = six.moves.urllib.parse.urlparse(
overcloud_endpoint).hostname
no_proxy = [os.environ.get('no_proxy'), overcloud_ip_or_fqdn]
os.environ['no_proxy'] = ','.join(
[x for x in no_proxy if x is not None])
service_ips = utils.get_service_ips(stack)
utils.remove_known_hosts(overcloud_ip_or_fqdn)
keystone_admin_ip = service_ips.get('KeystoneAdminVip')
keystone_internal_ip = service_ips.get('KeystoneInternalVip')
tls_enabled = self._is_tls_enabled(overcloud_endpoint)
keystone_tls_host = None
if not keystone_admin_ip:
keystone_admin_ip = overcloud_ip_or_fqdn
if not keystone_internal_ip:
keystone_internal_ip = overcloud_ip_or_fqdn
if tls_enabled:
# NOTE(jaosorior): This triggers set up the keystone endpoint with
# the https protocol and the required port set in
# keystone.initialize.
keystone_tls_host = overcloud_ip_or_fqdn
keystone.initialize(
keystone_admin_ip,
utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
'*****@*****.**',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
ssl=keystone_tls_host,
public=overcloud_ip_or_fqdn,
user=parsed_args.overcloud_ssh_user,
admin=keystone_admin_ip,
internal=keystone_internal_ip)
if not tls_enabled:
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.iteritems():
data.pop('ssl_port', None)
services = {}
for service, data in six.iteritems(constants.SERVICE_LIST):
service_data = data.copy()
service_data.pop('password_field', None)
password_field = data.get('password_field')
if password_field:
service_data['password'] = utils.get_password(password_field)
service_name = re.sub('v[0-9]+', '',
service.capitalize() + 'InternalVip')
internal_vip = service_ips.get(service_name)
if internal_vip:
service_data['internal_host'] = internal_vip
services.update({service: service_data})
keystone_client = clients.get_keystone_client(
'admin',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
'admin',
overcloud_endpoint)
keystone.setup_endpoints(
services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip_or_fqdn)
def _deploy_postconfig(self, stack, parsed_args):
self.log.debug("_deploy_postconfig(%s)" % parsed_args)
overcloud_endpoint = utils.get_overcloud_endpoint(stack)
# NOTE(jaosorior): The overcloud endpoint can contain an IP address or
# an FQDN depending on how what it's configured to output in the
# tripleo-heat-templates. Such a configuration can be done by
# overriding the EndpointMap through parameter_defaults.
overcloud_ip_or_fqdn = six.moves.urllib.parse.urlparse(
overcloud_endpoint).hostname
no_proxy = [os.environ.get('no_proxy'), overcloud_ip_or_fqdn]
os.environ['no_proxy'] = ','.join(
[x for x in no_proxy if x is not None])
service_ips = utils.get_service_ips(stack)
utils.remove_known_hosts(overcloud_ip_or_fqdn)
keystone_admin_ip = service_ips.get('KeystoneAdminVip')
keystone_internal_ip = service_ips.get('KeystoneInternalVip')
tls_enabled = self._is_tls_enabled(overcloud_endpoint)
keystone_tls_host = None
if not keystone_admin_ip:
keystone_admin_ip = overcloud_ip_or_fqdn
if not keystone_internal_ip:
keystone_internal_ip = overcloud_ip_or_fqdn
if tls_enabled:
# NOTE(jaosorior): This triggers set up the keystone endpoint with
# the https protocol and the required port set in
# keystone.initialize.
keystone_tls_host = overcloud_ip_or_fqdn
keystone.initialize(keystone_admin_ip,
utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
'*****@*****.**',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
ssl=keystone_tls_host,
public=overcloud_ip_or_fqdn,
user=parsed_args.overcloud_ssh_user,
admin=keystone_admin_ip,
internal=keystone_internal_ip)
if not tls_enabled:
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.iteritems():
data.pop('ssl_port', None)
services = {}
for service, data in six.iteritems(constants.SERVICE_LIST):
service_data = data.copy()
service_data.pop('password_field', None)
password_field = data.get('password_field')
if password_field:
service_data['password'] = utils.get_password(password_field)
service_name = re.sub('v[0-9]+', '',
service.capitalize() + 'InternalVip')
internal_vip = service_ips.get(service_name)
if internal_vip:
service_data['internal_host'] = internal_vip
services.update({service: service_data})
keystone_client = clients.get_keystone_client(
'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin',
overcloud_endpoint)
keystone.setup_endpoints(services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
parsed_args, service_ips):
keystone_admin_ip = service_ips.get('KeystoneAdminVip')
keystone_internal_ip = service_ips.get('KeystoneInternalVip')
tls_enabled = self._is_tls_enabled(overcloud_endpoint)
keystone_tls_host = None
if not keystone_admin_ip:
keystone_admin_ip = overcloud_ip_or_fqdn
if not keystone_internal_ip:
keystone_internal_ip = overcloud_ip_or_fqdn
if tls_enabled:
# NOTE(jaosorior): This triggers set up the keystone endpoint with
# the https protocol and the required port set in
# keystone.initialize.
keystone_tls_host = overcloud_ip_or_fqdn
keystone_client = clients.get_keystone_client(
'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin',
overcloud_endpoint)
try:
# NOTE(bnemec): This assumes Nova will always be deployed, which
# in the future may not be true. However, hopefully by that time
# we'll be able to just remove os-cloud-config-based Keystone
# init anyway.
keystone_client.users.find(name='nova')
except kscexc.NotFound:
keystone.initialize(keystone_admin_ip,
utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
'*****@*****.**',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
ssl=keystone_tls_host,
public=overcloud_ip_or_fqdn,
user=parsed_args.overcloud_ssh_user,
admin=keystone_admin_ip,
internal=keystone_internal_ip)
if not tls_enabled:
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.items():
data.pop('ssl_port', None)
services = {}
for service, data in six.iteritems(constants.SERVICE_LIST):
service_data = data.copy()
service_data.pop('password_field', None)
password_field = data.get('password_field')
if password_field:
service_data['password'] = utils.get_password(
password_field)
service_name = re.sub('v[0-9]+', '',
service.capitalize() + 'InternalVip')
internal_vip = service_ips.get(service_name)
if internal_vip:
service_data['internal_host'] = internal_vip
services.update({service: service_data})
keystone.setup_endpoints(services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
parsed_args, stack):
keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack)
tls_enabled = self._is_tls_enabled(overcloud_endpoint)
keystone_tls_host = None
if tls_enabled:
# NOTE(jaosorior): This triggers set up the keystone endpoint with
# the https protocol and the required port set in
# keystone.initialize.
keystone_tls_host = overcloud_ip_or_fqdn
keystone_client = clients.get_keystone_client(
'admin',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
'admin',
overcloud_endpoint)
try:
# NOTE(bnemec): This assumes Nova will always be deployed, which
# in the future may not be true. However, hopefully by that time
# we'll be able to just remove os-cloud-config-based Keystone
# init anyway.
keystone_client.users.find(name='nova')
except kscexc.NotFound:
# NOTE(jaosorior): These ports will be None if the templates
# don't support the EndpointMap as an output yet. And so the
# default values will be taken.
public_port = None
admin_port = None
internal_port = None
endpoint_map = utils.get_endpoint_map(stack)
if endpoint_map:
public_port = endpoint_map.get('KeystonePublic').get('port')
admin_port = endpoint_map.get('KeystoneAdmin').get('port')
internal_port = endpoint_map.get(
'KeystoneInternal').get('port')
keystone.initialize(
keystone_admin_ip,
utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
'*****@*****.**',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
ssl=keystone_tls_host,
public=overcloud_ip_or_fqdn,
user=parsed_args.overcloud_ssh_user,
admin=keystone_admin_ip,
internal=keystone_internal_ip,
public_port=public_port,
admin_port=admin_port,
internal_port=internal_port)
if not tls_enabled:
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.items():
data.pop('ssl_port', None)
services = {}
for service, data in six.iteritems(constants.SERVICE_LIST):
service_data = self._set_service_data(service, data, stack)
if service_data:
services.update({service: service_data})
keystone.setup_endpoints(
services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
parsed_args, stack):
keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
keystone_admin_ip = utils.unbracket_ipv6(keystone_admin_ip)
keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack)
keystone_internal_ip = utils.unbracket_ipv6(keystone_internal_ip)
tls_enabled = self._is_tls_enabled(overcloud_endpoint)
keystone_tls_host = None
if tls_enabled:
# NOTE(jaosorior): This triggers set up the keystone endpoint with
# the https protocol and the required port set in
# keystone.initialize.
keystone_tls_host = overcloud_ip_or_fqdn
keystone_client = clients.get_keystone_client(
'admin',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
'admin',
overcloud_endpoint)
services = {}
for service, data in six.iteritems(constants.SERVICE_LIST):
try:
keystone_client.services.find(name=service)
except kscexc.NotFound:
service_data = self._set_service_data(service, data, stack)
if service_data:
services.update({service: service_data})
if services:
# This was deprecated in Newton. The deprecation message and
# os-cloud-config keystone init should remain until at least the
# Pike release to ensure users have a chance to update their
# templates, including ones for the previous release.
self.log.warning('DEPRECATED: '
'It appears Keystone was not initialized by '
'Puppet. Will do initialization via '
'os-cloud-config, but this behavior is '
'deprecated. Please update your templates to a '
'version that has Puppet initialization of '
'Keystone.'
)
# NOTE(jaosorior): These ports will be None if the templates
# don't support the EndpointMap as an output yet. And so the
# default values will be taken.
public_port = None
admin_port = None
internal_port = None
endpoint_map = utils.get_endpoint_map(stack)
if endpoint_map:
public_port = endpoint_map.get('KeystonePublic').get('port')
admin_port = endpoint_map.get('KeystoneAdmin').get('port')
internal_port = endpoint_map.get(
'KeystoneInternal').get('port')
keystone.initialize(
keystone_admin_ip,
utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
'*****@*****.**',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
ssl=keystone_tls_host,
public=overcloud_ip_or_fqdn,
user=parsed_args.overcloud_ssh_user,
admin=keystone_admin_ip,
internal=keystone_internal_ip,
public_port=public_port,
admin_port=admin_port,
internal_port=internal_port)
if not tls_enabled:
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.items():
data.pop('ssl_port', None)
keystone.setup_endpoints(
services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip_or_fqdn)
def _deploy_postconfig(self, stack, parsed_args):
self.log.debug("_deploy_postconfig(%s)" % parsed_args)
overcloud_endpoint = utils.get_overcloud_endpoint(stack)
overcloud_ip = six.moves.urllib.parse.urlparse(
overcloud_endpoint).hostname
no_proxy = [os.environ.get('no_proxy'), overcloud_ip]
os.environ['no_proxy'] = ','.join(
[x for x in no_proxy if x is not None])
service_ips = utils.get_service_ips(stack)
utils.remove_known_hosts(overcloud_ip)
keystone_ip = service_ips.get('KeystoneAdminVip')
if not keystone_ip:
keystone_ip = overcloud_ip
# Note (spredzy): This was deprecated at the begining of
# the Mitaka cycle. Should be good to remove for the
# next N cycle.
keystone.initialize(
keystone_ip,
utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
'*****@*****.**',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
public=overcloud_ip,
user=parsed_args.overcloud_ssh_user)
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.iteritems():
data.pop('ssl_port', None)
services = {}
for service, data in six.iteritems(constants.SERVICE_LIST):
service_data = data.copy()
service_data.pop('password_field', None)
password_field = data.get('password_field')
if password_field:
service_data['password'] = utils.get_password(password_field)
service_name = re.sub('v[0-9]+', '',
service.capitalize() + 'InternalVip')
internal_vip = service_ips.get(service_name)
if internal_vip:
service_data['internal_host'] = internal_vip
services.update({service: service_data})
# Note (spredzy): This was deprecated at the begining of
# the Mitaka cycle. Should be good to remove for the
# next N cycle.
try:
keystone_client = clients.get_keystone_client(
'admin',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
'admin',
overcloud_endpoint)
keystone.setup_endpoints(
services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip)
except kscexc.Conflict:
pass
else:
self.log.warning("Setting up keystone endpoints via "
"os-cloud-config. This behavior is "
"deprecated and will be removed in "
"a future release. Please update "
"your heat templates to a version "
"that does Keystone initialization "
"via Puppet.")
compute_client = clients.get_nova_bm_client(
'admin',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
'admin',
overcloud_endpoint)
compute_client.flavors.create('m1.demo', 512, 1, 10, 'auto')
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
parsed_args, service_ips):
keystone_admin_ip = service_ips.get('KeystoneAdminVip')
keystone_internal_ip = service_ips.get('KeystoneInternalVip')
tls_enabled = self._is_tls_enabled(overcloud_endpoint)
keystone_tls_host = None
if not keystone_admin_ip:
keystone_admin_ip = overcloud_ip_or_fqdn
if not keystone_internal_ip:
keystone_internal_ip = overcloud_ip_or_fqdn
if tls_enabled:
# NOTE(jaosorior): This triggers set up the keystone endpoint with
# the https protocol and the required port set in
# keystone.initialize.
keystone_tls_host = overcloud_ip_or_fqdn
keystone_client = clients.get_keystone_client(
'admin',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
'admin',
overcloud_endpoint)
try:
# NOTE(bnemec): This assumes Nova will always be deployed, which
# in the future may not be true. However, hopefully by that time
# we'll be able to just remove os-cloud-config-based Keystone
# init anyway.
keystone_client.users.find(name='nova')
except kscexc.NotFound:
keystone.initialize(
keystone_admin_ip,
utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
'*****@*****.**',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
ssl=keystone_tls_host,
public=overcloud_ip_or_fqdn,
user=parsed_args.overcloud_ssh_user,
admin=keystone_admin_ip,
internal=keystone_internal_ip)
if not tls_enabled:
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.items():
data.pop('ssl_port', None)
services = {}
for service, data in six.iteritems(constants.SERVICE_LIST):
service_data = data.copy()
service_data.pop('password_field', None)
password_field = data.get('password_field')
if password_field:
service_data['password'] = utils.get_password(
password_field)
service_name = re.sub('v[0-9]+', '',
service.capitalize() + 'InternalVip')
internal_vip = service_ips.get(service_name)
if internal_vip:
service_data['internal_host'] = internal_vip
services.update({service: service_data})
keystone.setup_endpoints(
services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
parsed_args, stack):
keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack)
tls_enabled = self._is_tls_enabled(overcloud_endpoint)
keystone_tls_host = None
if tls_enabled:
# NOTE(jaosorior): This triggers set up the keystone endpoint with
# the https protocol and the required port set in
# keystone.initialize.
keystone_tls_host = overcloud_ip_or_fqdn
keystone_client = clients.get_keystone_client(
'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin',
overcloud_endpoint)
try:
# NOTE(bnemec): This assumes Nova will always be deployed, which
# in the future may not be true. However, hopefully by that time
# we'll be able to just remove os-cloud-config-based Keystone
# init anyway.
keystone_client.users.find(name='nova')
except kscexc.NotFound:
# NOTE(jaosorior): These ports will be None if the templates
# don't support the EndpointMap as an output yet. And so the
# default values will be taken.
public_port = None
admin_port = None
internal_port = None
endpoint_map = utils.get_endpoint_map(stack)
if endpoint_map:
public_port = endpoint_map.get('KeystonePublic').get('port')
admin_port = endpoint_map.get('KeystoneAdmin').get('port')
internal_port = endpoint_map.get('KeystoneInternal').get(
'port')
keystone.initialize(keystone_admin_ip,
utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
'*****@*****.**',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
ssl=keystone_tls_host,
public=overcloud_ip_or_fqdn,
user=parsed_args.overcloud_ssh_user,
admin=keystone_admin_ip,
internal=keystone_internal_ip,
public_port=public_port,
admin_port=admin_port,
internal_port=internal_port)
if not tls_enabled:
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.items():
data.pop('ssl_port', None)
services = {}
for service, data in six.iteritems(constants.SERVICE_LIST):
service_data = self._set_service_data(service, data, stack)
if service_data:
services.update({service: service_data})
keystone.setup_endpoints(services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip_or_fqdn)
def _deploy_postconfig(self, stack, parsed_args):
self.log.debug("_deploy_postconfig(%s)" % parsed_args)
passwords = self.passwords
overcloud_endpoint = self._get_overcloud_endpoint(stack)
overcloud_ip = six.moves.urllib.parse.urlparse(
overcloud_endpoint).hostname
no_proxy = [os.environ.get('no_proxy'), overcloud_ip]
os.environ['no_proxy'] = ','.join(
[x for x in no_proxy if x is not None])
service_ips = self._get_service_ips(stack)
utils.remove_known_hosts(overcloud_ip)
keystone_ip = service_ips.get('KeystoneInternalVip')
if not keystone_ip:
keystone_ip = overcloud_ip
keystone.initialize(
keystone_ip,
passwords['OVERCLOUD_ADMIN_TOKEN'],
'*****@*****.**',
passwords['OVERCLOUD_ADMIN_PASSWORD'],
public=overcloud_ip,
user='******')
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.iteritems():
data.pop('ssl_port', None)
services = {}
for service, data in six.iteritems(utils.SERVICE_LIST):
service_data = data.copy()
service_data.pop('password_field', None)
password_field = data.get('password_field')
if password_field:
service_data['password'] = passwords[password_field]
service_name = re.sub('v[0-9]+', '',
service.capitalize() + 'InternalVip')
internal_vip = service_ips.get(service_name)
if internal_vip:
service_data['internal_host'] = internal_vip
services.update({service: service_data})
keystone_client = clients.get_keystone_client(
'admin',
passwords['OVERCLOUD_ADMIN_PASSWORD'],
'admin',
overcloud_endpoint)
keystone.setup_endpoints(
services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip)
compute_client = clients.get_nova_bm_client(
'admin',
passwords['OVERCLOUD_ADMIN_PASSWORD'],
'admin',
overcloud_endpoint)
compute_client.flavors.create('m1.demo', 512, 1, 10, 'auto')
def _deploy_postconfig(self, stack, parsed_args):
self.log.debug("_deploy_postconfig(%s)" % parsed_args)
overcloud_endpoint = utils.get_overcloud_endpoint(stack)
overcloud_ip = six.moves.urllib.parse.urlparse(
overcloud_endpoint).hostname
no_proxy = [os.environ.get('no_proxy'), overcloud_ip]
os.environ['no_proxy'] = ','.join(
[x for x in no_proxy if x is not None])
service_ips = utils.get_service_ips(stack)
utils.remove_known_hosts(overcloud_ip)
keystone_ip = service_ips.get('KeystoneAdminVip')
if not keystone_ip:
keystone_ip = overcloud_ip
# Note (spredzy): This was deprecated at the begining of
# the Mitaka cycle. Should be good to remove for the
# next N cycle.
keystone.initialize(keystone_ip,
utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
'*****@*****.**',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
public=overcloud_ip,
user=parsed_args.overcloud_ssh_user)
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.iteritems():
data.pop('ssl_port', None)
services = {}
for service, data in six.iteritems(constants.SERVICE_LIST):
service_data = data.copy()
service_data.pop('password_field', None)
password_field = data.get('password_field')
if password_field:
service_data['password'] = utils.get_password(password_field)
service_name = re.sub('v[0-9]+', '',
service.capitalize() + 'InternalVip')
internal_vip = service_ips.get(service_name)
if internal_vip:
service_data['internal_host'] = internal_vip
services.update({service: service_data})
# Note (spredzy): This was deprecated at the begining of
# the Mitaka cycle. Should be good to remove for the
# next N cycle.
try:
keystone_client = clients.get_keystone_client(
'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
'admin', overcloud_endpoint)
keystone.setup_endpoints(services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip)
except kscexc.Conflict:
pass
else:
self.log.warning("Setting up keystone endpoints via "
"os-cloud-config. This behavior is "
"deprecated and will be removed in "
"a future release. Please update "
"your heat templates to a version "
"that does Keystone initialization "
"via Puppet.")
compute_client = clients.get_nova_bm_client(
'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin',
overcloud_endpoint)
compute_client.flavors.create('m1.demo', 512, 1, 10, 'auto')
