From fb6fde762d3ddfc1ab9251fcb145878d941dcdec Mon Sep 17 00:00:00 2001 From: okozachenko Date: Mon, 10 Aug 2020 22:29:34 +0300 Subject: [PATCH] Add applicationcredential to magnum Change-Id: Iae4b999ef765eb1e962772170915549fc5ad4aeb --- devstack/lib/magnum | 30 +++++++++--------------------- openstack_operator/magnum.py | 3 +++ 2 files changed, 12 insertions(+), 21 deletions(-) diff --git a/devstack/lib/magnum b/devstack/lib/magnum index 9d542dba..f75203ad 100644 --- a/devstack/lib/magnum +++ b/devstack/lib/magnum @@ -110,13 +110,7 @@ function configure_magnum { # ------------------------------------------------------------------ # SERVICE_PROJECT_NAME magnum service function create_magnum_accounts { - - create_service_user "magnum" "admin" - - # Create for Kubernetes Keystone auth - get_or_create_role k8s_admin - get_or_create_role k8s_developer - get_or_create_role k8s_viewer + echo noop } # create_magnum_conf() - Create a new magnum.conf file @@ -154,22 +148,16 @@ function create_magnum_conf { iniset $MAGNUM_CONF oslo_policy policy_file $MAGNUM_POLICY - iniset $MAGNUM_CONF keystone_auth auth_type password - iniset $MAGNUM_CONF keystone_auth username magnum - iniset $MAGNUM_CONF keystone_auth password $SERVICE_PASSWORD - iniset $MAGNUM_CONF keystone_auth project_name $SERVICE_PROJECT_NAME - iniset $MAGNUM_CONF keystone_auth project_domain_id default - iniset $MAGNUM_CONF keystone_auth user_domain_id default - - configure_auth_token_middleware $MAGNUM_CONF magnum - - iniset $MAGNUM_CONF keystone_auth auth_url $KEYSTONE_AUTH_URI_V3 - # FIXME(pauloewerton): keystone_authtoken section is deprecated. Remove it # after deprecation period. - iniset $MAGNUM_CONF keystone_authtoken www_authenticate_uri $KEYSTONE_SERVICE_URI_V3 - iniset $MAGNUM_CONF keystone_authtoken auth_url $KEYSTONE_AUTH_URI_V3 - iniset $MAGNUM_CONF keystone_authtoken auth_version v3 + kubernetes_ensure_resource secret/magnum-application-credential + MAGNUM_APPLICATION_CREDENTIAL_SECRET=$(get_data_from_secret magnum-application-credential openstack secret) + MAGNUM_APPLICATION_CREDENTIAL_ID=$(get_data_from_secret magnum-application-credential openstack id) + iniset $MAGNUM_CONF keystone_authtoken auth_url $KEYSTONE_SERVICE_URI + iniset $MAGNUM_CONF keystone_authtoken auth_type v3applicationcredential + iniset $MAGNUM_CONF keystone_authtoken application_credential_id $MAGNUM_APPLICATION_CREDENTIAL_ID + iniset $MAGNUM_CONF keystone_authtoken application_credential_secret $MAGNUM_APPLICATION_CREDENTIAL_SECRET + iniset $MAGNUM_CONF keystone_authtoken memcached_servers "mcrouter-memcached-magnum:11211" if is_fedora || is_suse; then # magnum defaults to /usr/local/bin, but fedora and suse pip like to diff --git a/openstack_operator/magnum.py b/openstack_operator/magnum.py index 4e59f304..bf42e39e 100644 --- a/openstack_operator/magnum.py +++ b/openstack_operator/magnum.py @@ -60,6 +60,9 @@ def create_or_resume(name, spec, **_): name=name, spec=spec) url = spec["ingress"]["host"] + # Create application credential + identity.ensure_application_credential(name="magnum") + # Create service and endpoints if "endpoint" not in spec: spec["endpoint"] = True