def _deploy_postconfig(self, stack, parsed_args): self.log.debug("_deploy_postconfig(%s)" % parsed_args) overcloud_endpoint = utils.get_overcloud_endpoint(stack) # NOTE(jaosorior): The overcloud endpoint can contain an IP address or # an FQDN depending on how what it's configured to output in the # tripleo-heat-templates. Such a configuration can be done by # overriding the EndpointMap through parameter_defaults. overcloud_ip_or_fqdn = six.moves.urllib.parse.urlparse( overcloud_endpoint).hostname keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack) no_proxy = os.environ.get('no_proxy', overcloud_ip_or_fqdn) no_proxy_list = map(utils.bracket_ipv6, [no_proxy, overcloud_ip_or_fqdn, keystone_admin_ip]) os.environ['no_proxy'] = ','.join( [x for x in no_proxy_list if x is not None]) utils.remove_known_hosts(overcloud_ip_or_fqdn) if not self._endpoints_managed(stack): self._keystone_init(overcloud_endpoint, overcloud_ip_or_fqdn, parsed_args, stack) else: self.log.debug("Keystone endpoints and services are managed by " "puppet. Skipping post-config.")
def _get_base_service_data(self, service, data, stack): service_data = {} password_field = data.get('password_field') if password_field: service_data['password'] = utils.get_password(password_field) # Set internal endpoint service_name_internal = self._format_endpoint_name(service, 'internal') service_data['internal_host'] = utils.get_endpoint( service_name_internal, stack) return service_data
def _get_base_service_data(self, service, data, stack): service_data = {} password_field = data.get('password_field') if password_field: service_data['password'] = utils.get_password( password_field) # Set internal endpoint service_name_internal = self._format_endpoint_name(service, 'internal') service_data['internal_host'] = utils.get_endpoint( service_name_internal, stack) return service_data
def _deploy_postconfig(self, stack, parsed_args): self.log.debug("_deploy_postconfig(%s)" % parsed_args) overcloud_endpoint = utils.get_overcloud_endpoint(stack) # NOTE(jaosorior): The overcloud endpoint can contain an IP address or # an FQDN depending on how what it's configured to output in the # tripleo-heat-templates. Such a configuration can be done by # overriding the EndpointMap through parameter_defaults. overcloud_ip_or_fqdn = six.moves.urllib.parse.urlparse( overcloud_endpoint).hostname keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack) no_proxy = os.environ.get('no_proxy', overcloud_ip_or_fqdn) no_proxy_list = map( utils.bracket_ipv6, [no_proxy, overcloud_ip_or_fqdn, keystone_admin_ip]) os.environ['no_proxy'] = ','.join( [x for x in no_proxy_list if x is not None]) utils.remove_known_hosts(overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn, parsed_args, stack): keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack) keystone_admin_ip = utils.unbracket_ipv6(keystone_admin_ip) keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack) keystone_internal_ip = utils.unbracket_ipv6(keystone_internal_ip) tls_enabled = self._is_tls_enabled(overcloud_endpoint) keystone_tls_host = None if tls_enabled: # NOTE(jaosorior): This triggers set up the keystone endpoint with # the https protocol and the required port set in # keystone.initialize. keystone_tls_host = overcloud_ip_or_fqdn keystone_client = occ_clients.get_keystone_client( 'admin', utils.get_password(self.app.client_manager, stack.stack_name, 'AdminPassword'), 'admin', overcloud_endpoint) services = {} for service, data in six.iteritems(constants.SERVICE_LIST): try: keystone_client.services.find(name=service) except kscexc.NotFound: service_data = self._set_service_data(service, data, stack) if service_data: services.update({service: service_data}) if services: # This was deprecated in Newton. The deprecation message and # os-cloud-config keystone init should remain until at least the # Pike release to ensure users have a chance to update their # templates, including ones for the previous release. self.log.warning('DEPRECATED: ' 'It appears Keystone was not initialized by ' 'Puppet. Will do initialization via ' 'os-cloud-config, but this behavior is ' 'deprecated. Please update your templates to a ' 'version that has Puppet initialization of ' 'Keystone.' ) # NOTE(jaosorior): These ports will be None if the templates # don't support the EndpointMap as an output yet. And so the # default values will be taken. public_port = None admin_port = None internal_port = None endpoint_map = utils.get_endpoint_map(stack) if endpoint_map: public_port = endpoint_map.get('KeystonePublic').get('port') admin_port = endpoint_map.get('KeystoneAdmin').get('port') internal_port = endpoint_map.get( 'KeystoneInternal').get('port') # TODO(rbrady): check usages of get_password keystone.initialize( keystone_admin_ip, utils.get_password(self.app.client_manager, stack.stack_name, 'AdminToken'), '*****@*****.**', utils.get_password(self.app.client_manager, stack.stack_name, 'AdminPassword'), ssl=keystone_tls_host, public=overcloud_ip_or_fqdn, user=parsed_args.overcloud_ssh_user, admin=keystone_admin_ip, internal=keystone_internal_ip, public_port=public_port, admin_port=admin_port, internal_port=internal_port) if not tls_enabled: # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the # os_cloud_config.SERVICES dictionary for service_name, data in keystone.SERVICES.items(): data.pop('ssl_port', None) keystone.setup_endpoints( services, client=keystone_client, os_auth_url=overcloud_endpoint, public_host=overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn, parsed_args, stack): keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack) keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack) tls_enabled = self._is_tls_enabled(overcloud_endpoint) keystone_tls_host = None if tls_enabled: # NOTE(jaosorior): This triggers set up the keystone endpoint with # the https protocol and the required port set in # keystone.initialize. keystone_tls_host = overcloud_ip_or_fqdn keystone_client = clients.get_keystone_client( 'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin', overcloud_endpoint) try: # NOTE(bnemec): This assumes Nova will always be deployed, which # in the future may not be true. However, hopefully by that time # we'll be able to just remove os-cloud-config-based Keystone # init anyway. keystone_client.users.find(name='nova') except kscexc.NotFound: # NOTE(jaosorior): These ports will be None if the templates # don't support the EndpointMap as an output yet. And so the # default values will be taken. public_port = None admin_port = None internal_port = None endpoint_map = utils.get_endpoint_map(stack) if endpoint_map: public_port = endpoint_map.get('KeystonePublic').get('port') admin_port = endpoint_map.get('KeystoneAdmin').get('port') internal_port = endpoint_map.get('KeystoneInternal').get( 'port') keystone.initialize(keystone_admin_ip, utils.get_password('OVERCLOUD_ADMIN_TOKEN'), '*****@*****.**', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), ssl=keystone_tls_host, public=overcloud_ip_or_fqdn, user=parsed_args.overcloud_ssh_user, admin=keystone_admin_ip, internal=keystone_internal_ip, public_port=public_port, admin_port=admin_port, internal_port=internal_port) if not tls_enabled: # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the # os_cloud_config.SERVICES dictionary for service_name, data in keystone.SERVICES.items(): data.pop('ssl_port', None) services = {} for service, data in six.iteritems(constants.SERVICE_LIST): service_data = self._set_service_data(service, data, stack) if service_data: services.update({service: service_data}) keystone.setup_endpoints(services, client=keystone_client, os_auth_url=overcloud_endpoint, public_host=overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn, parsed_args, stack): keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack) keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack) tls_enabled = self._is_tls_enabled(overcloud_endpoint) keystone_tls_host = None if tls_enabled: # NOTE(jaosorior): This triggers set up the keystone endpoint with # the https protocol and the required port set in # keystone.initialize. keystone_tls_host = overcloud_ip_or_fqdn keystone_client = clients.get_keystone_client( 'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin', overcloud_endpoint) try: # NOTE(bnemec): This assumes Nova will always be deployed, which # in the future may not be true. However, hopefully by that time # we'll be able to just remove os-cloud-config-based Keystone # init anyway. keystone_client.users.find(name='nova') except kscexc.NotFound: # NOTE(jaosorior): These ports will be None if the templates # don't support the EndpointMap as an output yet. And so the # default values will be taken. public_port = None admin_port = None internal_port = None endpoint_map = utils.get_endpoint_map(stack) if endpoint_map: public_port = endpoint_map.get('KeystonePublic').get('port') admin_port = endpoint_map.get('KeystoneAdmin').get('port') internal_port = endpoint_map.get( 'KeystoneInternal').get('port') keystone.initialize( keystone_admin_ip, utils.get_password('OVERCLOUD_ADMIN_TOKEN'), '*****@*****.**', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), ssl=keystone_tls_host, public=overcloud_ip_or_fqdn, user=parsed_args.overcloud_ssh_user, admin=keystone_admin_ip, internal=keystone_internal_ip, public_port=public_port, admin_port=admin_port, internal_port=internal_port) if not tls_enabled: # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the # os_cloud_config.SERVICES dictionary for service_name, data in keystone.SERVICES.items(): data.pop('ssl_port', None) services = {} for service, data in six.iteritems(constants.SERVICE_LIST): service_data = self._set_service_data(service, data, stack) if service_data: services.update({service: service_data}) keystone.setup_endpoints( services, client=keystone_client, os_auth_url=overcloud_endpoint, public_host=overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn, parsed_args, stack): keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack) keystone_admin_ip = utils.unbracket_ipv6(keystone_admin_ip) keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack) keystone_internal_ip = utils.unbracket_ipv6(keystone_internal_ip) tls_enabled = self._is_tls_enabled(overcloud_endpoint) keystone_tls_host = None if tls_enabled: # NOTE(jaosorior): This triggers set up the keystone endpoint with # the https protocol and the required port set in # keystone.initialize. keystone_tls_host = overcloud_ip_or_fqdn keystone_client = clients.get_keystone_client( 'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin', overcloud_endpoint) services = {} for service, data in six.iteritems(constants.SERVICE_LIST): try: keystone_client.services.find(name=service) except kscexc.NotFound: service_data = self._set_service_data(service, data, stack) if service_data: services.update({service: service_data}) if services: # This was deprecated in Newton. The deprecation message and # os-cloud-config keystone init should remain until at least the # Pike release to ensure users have a chance to update their # templates, including ones for the previous release. self.log.warning('DEPRECATED: ' 'It appears Keystone was not initialized by ' 'Puppet. Will do initialization via ' 'os-cloud-config, but this behavior is ' 'deprecated. Please update your templates to a ' 'version that has Puppet initialization of ' 'Keystone.' ) # NOTE(jaosorior): These ports will be None if the templates # don't support the EndpointMap as an output yet. And so the # default values will be taken. public_port = None admin_port = None internal_port = None endpoint_map = utils.get_endpoint_map(stack) if endpoint_map: public_port = endpoint_map.get('KeystonePublic').get('port') admin_port = endpoint_map.get('KeystoneAdmin').get('port') internal_port = endpoint_map.get( 'KeystoneInternal').get('port') keystone.initialize( keystone_admin_ip, utils.get_password('OVERCLOUD_ADMIN_TOKEN'), '*****@*****.**', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), ssl=keystone_tls_host, public=overcloud_ip_or_fqdn, user=parsed_args.overcloud_ssh_user, admin=keystone_admin_ip, internal=keystone_internal_ip, public_port=public_port, admin_port=admin_port, internal_port=internal_port) if not tls_enabled: # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the # os_cloud_config.SERVICES dictionary for service_name, data in keystone.SERVICES.items(): data.pop('ssl_port', None) keystone.setup_endpoints( services, client=keystone_client, os_auth_url=overcloud_endpoint, public_host=overcloud_ip_or_fqdn)