def _deploy_postconfig(self, stack, parsed_args):
self.log.debug("_deploy_postconfig(%s)" % parsed_args)
overcloud_endpoint = utils.get_overcloud_endpoint(stack)
# NOTE(jaosorior): The overcloud endpoint can contain an IP address or
# an FQDN depending on how what it's configured to output in the
# tripleo-heat-templates. Such a configuration can be done by
# overriding the EndpointMap through parameter_defaults.
overcloud_ip_or_fqdn = six.moves.urllib.parse.urlparse(
overcloud_endpoint).hostname
keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
no_proxy = os.environ.get('no_proxy', overcloud_ip_or_fqdn)
no_proxy_list = map(utils.bracket_ipv6,
[no_proxy, overcloud_ip_or_fqdn,
keystone_admin_ip])
os.environ['no_proxy'] = ','.join(
[x for x in no_proxy_list if x is not None])
utils.remove_known_hosts(overcloud_ip_or_fqdn)
if not self._endpoints_managed(stack):
self._keystone_init(overcloud_endpoint, overcloud_ip_or_fqdn,
parsed_args, stack)
else:
self.log.debug("Keystone endpoints and services are managed by "
"puppet. Skipping post-config.")
def _get_base_service_data(self, service, data, stack):
service_data = {}
password_field = data.get('password_field')
if password_field:
service_data['password'] = utils.get_password(password_field)
# Set internal endpoint
service_name_internal = self._format_endpoint_name(service, 'internal')
service_data['internal_host'] = utils.get_endpoint(
service_name_internal, stack)
return service_data
def _get_base_service_data(self, service, data, stack):
service_data = {}
password_field = data.get('password_field')
if password_field:
service_data['password'] = utils.get_password(
password_field)
# Set internal endpoint
service_name_internal = self._format_endpoint_name(service, 'internal')
service_data['internal_host'] = utils.get_endpoint(
service_name_internal, stack)
return service_data
def _deploy_postconfig(self, stack, parsed_args):
self.log.debug("_deploy_postconfig(%s)" % parsed_args)
overcloud_endpoint = utils.get_overcloud_endpoint(stack)
# NOTE(jaosorior): The overcloud endpoint can contain an IP address or
# an FQDN depending on how what it's configured to output in the
# tripleo-heat-templates. Such a configuration can be done by
# overriding the EndpointMap through parameter_defaults.
overcloud_ip_or_fqdn = six.moves.urllib.parse.urlparse(
overcloud_endpoint).hostname
keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
no_proxy = os.environ.get('no_proxy', overcloud_ip_or_fqdn)
no_proxy_list = map(
utils.bracket_ipv6,
[no_proxy, overcloud_ip_or_fqdn, keystone_admin_ip])
os.environ['no_proxy'] = ','.join(
[x for x in no_proxy_list if x is not None])
utils.remove_known_hosts(overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
parsed_args, stack):
keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
keystone_admin_ip = utils.unbracket_ipv6(keystone_admin_ip)
keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack)
keystone_internal_ip = utils.unbracket_ipv6(keystone_internal_ip)
tls_enabled = self._is_tls_enabled(overcloud_endpoint)
keystone_tls_host = None
if tls_enabled:
# NOTE(jaosorior): This triggers set up the keystone endpoint with
# the https protocol and the required port set in
# keystone.initialize.
keystone_tls_host = overcloud_ip_or_fqdn
keystone_client = occ_clients.get_keystone_client(
'admin',
utils.get_password(self.app.client_manager,
stack.stack_name,
'AdminPassword'),
'admin',
overcloud_endpoint)
services = {}
for service, data in six.iteritems(constants.SERVICE_LIST):
try:
keystone_client.services.find(name=service)
except kscexc.NotFound:
service_data = self._set_service_data(service, data, stack)
if service_data:
services.update({service: service_data})
if services:
# This was deprecated in Newton. The deprecation message and
# os-cloud-config keystone init should remain until at least the
# Pike release to ensure users have a chance to update their
# templates, including ones for the previous release.
self.log.warning('DEPRECATED: '
'It appears Keystone was not initialized by '
'Puppet. Will do initialization via '
'os-cloud-config, but this behavior is '
'deprecated. Please update your templates to a '
'version that has Puppet initialization of '
'Keystone.'
)
# NOTE(jaosorior): These ports will be None if the templates
# don't support the EndpointMap as an output yet. And so the
# default values will be taken.
public_port = None
admin_port = None
internal_port = None
endpoint_map = utils.get_endpoint_map(stack)
if endpoint_map:
public_port = endpoint_map.get('KeystonePublic').get('port')
admin_port = endpoint_map.get('KeystoneAdmin').get('port')
internal_port = endpoint_map.get(
'KeystoneInternal').get('port')
# TODO(rbrady): check usages of get_password
keystone.initialize(
keystone_admin_ip,
utils.get_password(self.app.client_manager,
stack.stack_name,
'AdminToken'),
'*****@*****.**',
utils.get_password(self.app.client_manager,
stack.stack_name,
'AdminPassword'),
ssl=keystone_tls_host,
public=overcloud_ip_or_fqdn,
user=parsed_args.overcloud_ssh_user,
admin=keystone_admin_ip,
internal=keystone_internal_ip,
public_port=public_port,
admin_port=admin_port,
internal_port=internal_port)
if not tls_enabled:
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.items():
data.pop('ssl_port', None)
keystone.setup_endpoints(
services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
parsed_args, stack):
keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack)
tls_enabled = self._is_tls_enabled(overcloud_endpoint)
keystone_tls_host = None
if tls_enabled:
# NOTE(jaosorior): This triggers set up the keystone endpoint with
# the https protocol and the required port set in
# keystone.initialize.
keystone_tls_host = overcloud_ip_or_fqdn
keystone_client = clients.get_keystone_client(
'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin',
overcloud_endpoint)
try:
# NOTE(bnemec): This assumes Nova will always be deployed, which
# in the future may not be true. However, hopefully by that time
# we'll be able to just remove os-cloud-config-based Keystone
# init anyway.
keystone_client.users.find(name='nova')
except kscexc.NotFound:
# NOTE(jaosorior): These ports will be None if the templates
# don't support the EndpointMap as an output yet. And so the
# default values will be taken.
public_port = None
admin_port = None
internal_port = None
endpoint_map = utils.get_endpoint_map(stack)
if endpoint_map:
public_port = endpoint_map.get('KeystonePublic').get('port')
admin_port = endpoint_map.get('KeystoneAdmin').get('port')
internal_port = endpoint_map.get('KeystoneInternal').get(
'port')
keystone.initialize(keystone_admin_ip,
utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
'*****@*****.**',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
ssl=keystone_tls_host,
public=overcloud_ip_or_fqdn,
user=parsed_args.overcloud_ssh_user,
admin=keystone_admin_ip,
internal=keystone_internal_ip,
public_port=public_port,
admin_port=admin_port,
internal_port=internal_port)
if not tls_enabled:
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.items():
data.pop('ssl_port', None)
services = {}
for service, data in six.iteritems(constants.SERVICE_LIST):
service_data = self._set_service_data(service, data, stack)
if service_data:
services.update({service: service_data})
keystone.setup_endpoints(services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
parsed_args, stack):
keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack)
tls_enabled = self._is_tls_enabled(overcloud_endpoint)
keystone_tls_host = None
if tls_enabled:
# NOTE(jaosorior): This triggers set up the keystone endpoint with
# the https protocol and the required port set in
# keystone.initialize.
keystone_tls_host = overcloud_ip_or_fqdn
keystone_client = clients.get_keystone_client(
'admin',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
'admin',
overcloud_endpoint)
try:
# NOTE(bnemec): This assumes Nova will always be deployed, which
# in the future may not be true. However, hopefully by that time
# we'll be able to just remove os-cloud-config-based Keystone
# init anyway.
keystone_client.users.find(name='nova')
except kscexc.NotFound:
# NOTE(jaosorior): These ports will be None if the templates
# don't support the EndpointMap as an output yet. And so the
# default values will be taken.
public_port = None
admin_port = None
internal_port = None
endpoint_map = utils.get_endpoint_map(stack)
if endpoint_map:
public_port = endpoint_map.get('KeystonePublic').get('port')
admin_port = endpoint_map.get('KeystoneAdmin').get('port')
internal_port = endpoint_map.get(
'KeystoneInternal').get('port')
keystone.initialize(
keystone_admin_ip,
utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
'*****@*****.**',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
ssl=keystone_tls_host,
public=overcloud_ip_or_fqdn,
user=parsed_args.overcloud_ssh_user,
admin=keystone_admin_ip,
internal=keystone_internal_ip,
public_port=public_port,
admin_port=admin_port,
internal_port=internal_port)
if not tls_enabled:
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.items():
data.pop('ssl_port', None)
services = {}
for service, data in six.iteritems(constants.SERVICE_LIST):
service_data = self._set_service_data(service, data, stack)
if service_data:
services.update({service: service_data})
keystone.setup_endpoints(
services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn,
parsed_args, stack):
keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack)
keystone_admin_ip = utils.unbracket_ipv6(keystone_admin_ip)
keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack)
keystone_internal_ip = utils.unbracket_ipv6(keystone_internal_ip)
tls_enabled = self._is_tls_enabled(overcloud_endpoint)
keystone_tls_host = None
if tls_enabled:
# NOTE(jaosorior): This triggers set up the keystone endpoint with
# the https protocol and the required port set in
# keystone.initialize.
keystone_tls_host = overcloud_ip_or_fqdn
keystone_client = clients.get_keystone_client(
'admin',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
'admin',
overcloud_endpoint)
services = {}
for service, data in six.iteritems(constants.SERVICE_LIST):
try:
keystone_client.services.find(name=service)
except kscexc.NotFound:
service_data = self._set_service_data(service, data, stack)
if service_data:
services.update({service: service_data})
if services:
# This was deprecated in Newton. The deprecation message and
# os-cloud-config keystone init should remain until at least the
# Pike release to ensure users have a chance to update their
# templates, including ones for the previous release.
self.log.warning('DEPRECATED: '
'It appears Keystone was not initialized by '
'Puppet. Will do initialization via '
'os-cloud-config, but this behavior is '
'deprecated. Please update your templates to a '
'version that has Puppet initialization of '
'Keystone.'
)
# NOTE(jaosorior): These ports will be None if the templates
# don't support the EndpointMap as an output yet. And so the
# default values will be taken.
public_port = None
admin_port = None
internal_port = None
endpoint_map = utils.get_endpoint_map(stack)
if endpoint_map:
public_port = endpoint_map.get('KeystonePublic').get('port')
admin_port = endpoint_map.get('KeystoneAdmin').get('port')
internal_port = endpoint_map.get(
'KeystoneInternal').get('port')
keystone.initialize(
keystone_admin_ip,
utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
'*****@*****.**',
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
ssl=keystone_tls_host,
public=overcloud_ip_or_fqdn,
user=parsed_args.overcloud_ssh_user,
admin=keystone_admin_ip,
internal=keystone_internal_ip,
public_port=public_port,
admin_port=admin_port,
internal_port=internal_port)
if not tls_enabled:
# NOTE(bcrochet): Bad hack. Remove the ssl_port info from the
# os_cloud_config.SERVICES dictionary
for service_name, data in keystone.SERVICES.items():
data.pop('ssl_port', None)
keystone.setup_endpoints(
services,
client=keystone_client,
os_auth_url=overcloud_endpoint,
public_host=overcloud_ip_or_fqdn)
