def test_get_endpoint_map(self): stack = mock.MagicMock() emap = {'KeystonePublic': {'uri': 'http://foo:8000/'}} stack.to_dict.return_value = { 'outputs': [{'output_key': 'EndpointMap', 'output_value': emap}] } endpoint_map = utils.get_endpoint_map(stack) self.assertEqual(endpoint_map, {'KeystonePublic': {'uri': 'http://foo:8000/'}})
def _set_service_data(self, service, data, stack): self.log.debug("Setting data for service '%s'" % service) service_data = data.copy() service_data.pop('password_field', None) endpoint_map = utils.get_endpoint_map(stack) try: service_data.update( self._get_base_service_data(service, data, stack)) except KeyError: output_source = "service IPs" if endpoint_map: output_source = "endpoint map" self.log.debug( ("Skipping \"{}\" postconfig because it wasn't found in the " "{} output").format(service, output_source)) return None if not endpoint_map: return service_data service_data.update(self._get_endpoint_data(service, endpoint_map, stack)) return service_data
def _set_service_data(self, service, data, stack): self.log.debug("Setting data for service '%s'" % service) service_data = data.copy() service_data.pop('password_field', None) endpoint_map = utils.get_endpoint_map(stack) try: service_data.update( self._get_base_service_data(service, data, stack)) except KeyError: output_source = "service IPs" if endpoint_map: output_source = "endpoint map" self.log.warning( ("Skipping \"{}\" postconfig because it wasn't found in the " "{} output").format(service, output_source)) return None if not endpoint_map: return service_data service_data.update( self._get_endpoint_data(service, endpoint_map, stack)) return service_data
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn, parsed_args, stack): keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack) keystone_admin_ip = utils.unbracket_ipv6(keystone_admin_ip) keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack) keystone_internal_ip = utils.unbracket_ipv6(keystone_internal_ip) tls_enabled = self._is_tls_enabled(overcloud_endpoint) keystone_tls_host = None if tls_enabled: # NOTE(jaosorior): This triggers set up the keystone endpoint with # the https protocol and the required port set in # keystone.initialize. keystone_tls_host = overcloud_ip_or_fqdn keystone_client = occ_clients.get_keystone_client( 'admin', utils.get_password(self.app.client_manager, stack.stack_name, 'AdminPassword'), 'admin', overcloud_endpoint) services = {} for service, data in six.iteritems(constants.SERVICE_LIST): try: keystone_client.services.find(name=service) except kscexc.NotFound: service_data = self._set_service_data(service, data, stack) if service_data: services.update({service: service_data}) if services: # This was deprecated in Newton. The deprecation message and # os-cloud-config keystone init should remain until at least the # Pike release to ensure users have a chance to update their # templates, including ones for the previous release. self.log.warning('DEPRECATED: ' 'It appears Keystone was not initialized by ' 'Puppet. Will do initialization via ' 'os-cloud-config, but this behavior is ' 'deprecated. Please update your templates to a ' 'version that has Puppet initialization of ' 'Keystone.' ) # NOTE(jaosorior): These ports will be None if the templates # don't support the EndpointMap as an output yet. And so the # default values will be taken. public_port = None admin_port = None internal_port = None endpoint_map = utils.get_endpoint_map(stack) if endpoint_map: public_port = endpoint_map.get('KeystonePublic').get('port') admin_port = endpoint_map.get('KeystoneAdmin').get('port') internal_port = endpoint_map.get( 'KeystoneInternal').get('port') # TODO(rbrady): check usages of get_password keystone.initialize( keystone_admin_ip, utils.get_password(self.app.client_manager, stack.stack_name, 'AdminToken'), '*****@*****.**', utils.get_password(self.app.client_manager, stack.stack_name, 'AdminPassword'), ssl=keystone_tls_host, public=overcloud_ip_or_fqdn, user=parsed_args.overcloud_ssh_user, admin=keystone_admin_ip, internal=keystone_internal_ip, public_port=public_port, admin_port=admin_port, internal_port=internal_port) if not tls_enabled: # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the # os_cloud_config.SERVICES dictionary for service_name, data in keystone.SERVICES.items(): data.pop('ssl_port', None) keystone.setup_endpoints( services, client=keystone_client, os_auth_url=overcloud_endpoint, public_host=overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn, parsed_args, stack): keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack) keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack) tls_enabled = self._is_tls_enabled(overcloud_endpoint) keystone_tls_host = None if tls_enabled: # NOTE(jaosorior): This triggers set up the keystone endpoint with # the https protocol and the required port set in # keystone.initialize. keystone_tls_host = overcloud_ip_or_fqdn keystone_client = clients.get_keystone_client( 'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin', overcloud_endpoint) try: # NOTE(bnemec): This assumes Nova will always be deployed, which # in the future may not be true. However, hopefully by that time # we'll be able to just remove os-cloud-config-based Keystone # init anyway. keystone_client.users.find(name='nova') except kscexc.NotFound: # NOTE(jaosorior): These ports will be None if the templates # don't support the EndpointMap as an output yet. And so the # default values will be taken. public_port = None admin_port = None internal_port = None endpoint_map = utils.get_endpoint_map(stack) if endpoint_map: public_port = endpoint_map.get('KeystonePublic').get('port') admin_port = endpoint_map.get('KeystoneAdmin').get('port') internal_port = endpoint_map.get('KeystoneInternal').get( 'port') keystone.initialize(keystone_admin_ip, utils.get_password('OVERCLOUD_ADMIN_TOKEN'), '*****@*****.**', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), ssl=keystone_tls_host, public=overcloud_ip_or_fqdn, user=parsed_args.overcloud_ssh_user, admin=keystone_admin_ip, internal=keystone_internal_ip, public_port=public_port, admin_port=admin_port, internal_port=internal_port) if not tls_enabled: # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the # os_cloud_config.SERVICES dictionary for service_name, data in keystone.SERVICES.items(): data.pop('ssl_port', None) services = {} for service, data in six.iteritems(constants.SERVICE_LIST): service_data = self._set_service_data(service, data, stack) if service_data: services.update({service: service_data}) keystone.setup_endpoints(services, client=keystone_client, os_auth_url=overcloud_endpoint, public_host=overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn, parsed_args, stack): keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack) keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack) tls_enabled = self._is_tls_enabled(overcloud_endpoint) keystone_tls_host = None if tls_enabled: # NOTE(jaosorior): This triggers set up the keystone endpoint with # the https protocol and the required port set in # keystone.initialize. keystone_tls_host = overcloud_ip_or_fqdn keystone_client = clients.get_keystone_client( 'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin', overcloud_endpoint) try: # NOTE(bnemec): This assumes Nova will always be deployed, which # in the future may not be true. However, hopefully by that time # we'll be able to just remove os-cloud-config-based Keystone # init anyway. keystone_client.users.find(name='nova') except kscexc.NotFound: # NOTE(jaosorior): These ports will be None if the templates # don't support the EndpointMap as an output yet. And so the # default values will be taken. public_port = None admin_port = None internal_port = None endpoint_map = utils.get_endpoint_map(stack) if endpoint_map: public_port = endpoint_map.get('KeystonePublic').get('port') admin_port = endpoint_map.get('KeystoneAdmin').get('port') internal_port = endpoint_map.get( 'KeystoneInternal').get('port') keystone.initialize( keystone_admin_ip, utils.get_password('OVERCLOUD_ADMIN_TOKEN'), '*****@*****.**', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), ssl=keystone_tls_host, public=overcloud_ip_or_fqdn, user=parsed_args.overcloud_ssh_user, admin=keystone_admin_ip, internal=keystone_internal_ip, public_port=public_port, admin_port=admin_port, internal_port=internal_port) if not tls_enabled: # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the # os_cloud_config.SERVICES dictionary for service_name, data in keystone.SERVICES.items(): data.pop('ssl_port', None) services = {} for service, data in six.iteritems(constants.SERVICE_LIST): service_data = self._set_service_data(service, data, stack) if service_data: services.update({service: service_data}) keystone.setup_endpoints( services, client=keystone_client, os_auth_url=overcloud_endpoint, public_host=overcloud_ip_or_fqdn)
def _keystone_init(self, overcloud_endpoint, overcloud_ip_or_fqdn, parsed_args, stack): keystone_admin_ip = utils.get_endpoint('KeystoneAdmin', stack) keystone_admin_ip = utils.unbracket_ipv6(keystone_admin_ip) keystone_internal_ip = utils.get_endpoint('KeystoneInternal', stack) keystone_internal_ip = utils.unbracket_ipv6(keystone_internal_ip) tls_enabled = self._is_tls_enabled(overcloud_endpoint) keystone_tls_host = None if tls_enabled: # NOTE(jaosorior): This triggers set up the keystone endpoint with # the https protocol and the required port set in # keystone.initialize. keystone_tls_host = overcloud_ip_or_fqdn keystone_client = clients.get_keystone_client( 'admin', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), 'admin', overcloud_endpoint) services = {} for service, data in six.iteritems(constants.SERVICE_LIST): try: keystone_client.services.find(name=service) except kscexc.NotFound: service_data = self._set_service_data(service, data, stack) if service_data: services.update({service: service_data}) if services: # This was deprecated in Newton. The deprecation message and # os-cloud-config keystone init should remain until at least the # Pike release to ensure users have a chance to update their # templates, including ones for the previous release. self.log.warning('DEPRECATED: ' 'It appears Keystone was not initialized by ' 'Puppet. Will do initialization via ' 'os-cloud-config, but this behavior is ' 'deprecated. Please update your templates to a ' 'version that has Puppet initialization of ' 'Keystone.' ) # NOTE(jaosorior): These ports will be None if the templates # don't support the EndpointMap as an output yet. And so the # default values will be taken. public_port = None admin_port = None internal_port = None endpoint_map = utils.get_endpoint_map(stack) if endpoint_map: public_port = endpoint_map.get('KeystonePublic').get('port') admin_port = endpoint_map.get('KeystoneAdmin').get('port') internal_port = endpoint_map.get( 'KeystoneInternal').get('port') keystone.initialize( keystone_admin_ip, utils.get_password('OVERCLOUD_ADMIN_TOKEN'), '*****@*****.**', utils.get_password('OVERCLOUD_ADMIN_PASSWORD'), ssl=keystone_tls_host, public=overcloud_ip_or_fqdn, user=parsed_args.overcloud_ssh_user, admin=keystone_admin_ip, internal=keystone_internal_ip, public_port=public_port, admin_port=admin_port, internal_port=internal_port) if not tls_enabled: # NOTE(bcrochet): Bad hack. Remove the ssl_port info from the # os_cloud_config.SERVICES dictionary for service_name, data in keystone.SERVICES.items(): data.pop('ssl_port', None) keystone.setup_endpoints( services, client=keystone_client, os_auth_url=overcloud_endpoint, public_host=overcloud_ip_or_fqdn)