Castellan context based on password instead of short-lived token.
Change-Id: I951869483981bba6b3522d152ac97922dcaab1b9 Signed-off-by: Pino de Candia <giuseppe.decandia@gmail.com>
parent
3a5a9fbe03
commit
67436e32eb
@ -16,7 +16,7 @@ Q_FLOATING_ALLOCATION_POOL=start=172.24.4.10,end=172.24.4.200
|
|||||||
PUBLIC_NETWORK_NAME=public
|
PUBLIC_NETWORK_NAME=public
|
||||||
PUBLIC_NETWORK_GATEWAY=172.24.4.1
|
PUBLIC_NETWORK_GATEWAY=172.24.4.1
|
||||||
|
|
||||||
IMAGE_URL_SITE="http://download.fedoraproject.org"
|
_IMAGE_PREFIX="http://download.fedoraproject.org/pub/fedora/linux/releases"
|
||||||
IMAGE_URL_PATH="/pub/fedora/linux/releases/27/CloudImages/x86_64/images/"
|
_FEDORA25="/25/CloudImages/x86_64/images/Fedora-Cloud-Base-25-1.3.x86_64.qcow2"
|
||||||
IMAGE_URL_FILE="Fedora-Cloud-Base-27-1.6.x86_64.qcow2"
|
_FEDORA27="/27/CloudImages/x86_64/images/Fedora-Cloud-Base-27-1.6.x86_64.qcow2"
|
||||||
IMAGE_URLS+=","$IMAGE_URL_SITE$IMAGE_URL_PATH$IMAGE_URL_FILE
|
IMAGE_URLS+=","$_IMAGE_PREFIX$_FEDORA25","$_IMAGE_PREFIX$_FEDORA27
|
||||||
|
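Review bot: Both image URLs built from `_IMAGE_PREFIX` are fetched over plain `http://`, and nothing in this hunk pins a checksum, so the qcow2 images the guests boot from have no integrity protection in transit. The minimal change is `_IMAGE_PREFIX="https://download.fedoraproject.org/pub/fedora/linux/releases"`, assuming the download path used by the deployment follows HTTPS redirects. Fedora 25 is also past end of life, so an image built from `_FEDORA25` will not receive security updates; a short comment saying why it is kept alongside `_FEDORA27` would help.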
@ -74,6 +74,13 @@ function configure_tatu {
|
|||||||
iniset $NOVA_CONF vendordata_dynamic_auth project_id $admin_project
|
iniset $NOVA_CONF vendordata_dynamic_auth project_id $admin_project
|
||||||
iniset $NOVA_CONF vendordata_dynamic_auth user_domain_name default
|
iniset $NOVA_CONF vendordata_dynamic_auth user_domain_name default
|
||||||
|
|
||||||
|
# Castellan (Barbican client) credentials
|
||||||
|
iniset $TATU_CONF key_manager auth_url $KEYSTONE_SERVICE_URI
|
||||||
|
iniset $TATU_CONF key_manager auth_type keystone_password
|
||||||
|
iniset $TATU_CONF key_manager user_id $admin_user
|
||||||
|
iniset $TATU_CONF key_manager password $ADMIN_PASSWORD
|
||||||
|
iniset $TATU_CONF key_manager project_id $admin_project
|
||||||
|
|
||||||
# General Configuration
|
# General Configuration
|
||||||
iniset_rpc_backend tatu $TATU_CONF DEFAULT
|
iniset_rpc_backend tatu $TATU_CONF DEFAULT
|
||||||
iniset $TATU_CONF DEFAULT rpc_response_timeout 5
|
iniset $TATU_CONF DEFAULT rpc_response_timeout 5
|
||||||
|
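Review bot: The added `iniset $TATU_CONF key_manager password $ADMIN_PASSWORD` line stores the cloud admin's long-lived password in plaintext in `$TATU_CONF`, so anyone who can read that file gets a reusable admin credential instead of a token that expires. Castellan only needs access to the Barbican secrets Tatu manages, so a dedicated service user with a narrowly scoped role would limit the impact, e.g. `iniset $TATU_CONF key_manager user_id $tatu_user` with its own password (the variable name is a placeholder). Nothing in the hunk restricts the file's mode. `configure_tatu` starts and ends outside this hunk, so confirm there that `$TATU_CONF` is not world-readable.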
@ -41,7 +41,7 @@ write_files:
|
|||||||
echo host public key is $host_pub_key
|
echo host public key is $host_pub_key
|
||||||
data=$(echo {\"token_id\": \"$token\", \"host_id\": \"$host_id\", \"pub_key\": \"$host_pub_key\"})
|
data=$(echo {\"token_id\": \"$token\", \"host_id\": \"$host_id\", \"pub_key\": \"$host_pub_key\"})
|
||||||
echo $data > /tmp/tatu_cert_request.json
|
echo $data > /tmp/tatu_cert_request.json
|
||||||
api=$(echo $vendordata | grep -Po '"api_endpoint": \K[^"]*')
|
api=$(echo $vendordata | grep -Po '"api_endpoint": "\K[^"]*')
|
||||||
url=$api/noauth/hostcerts
|
url=$api/noauth/hostcerts
|
||||||
echo Posting Host Certificate request to Tatu API at $url
|
echo Posting Host Certificate request to Tatu API at $url
|
||||||
response=$(curl -s -w "%{http_code}" -d "@/tmp/tatu_cert_request.json" -X POST $url)
|
response=$(curl -s -w "%{http_code}" -d "@/tmp/tatu_cert_request.json" -X POST $url)
|
||||||
@ -102,7 +102,7 @@ write_files:
|
|||||||
auth_id=$(echo $metadata | grep -Po 'project_id": "\K[^"]*')
|
auth_id=$(echo $metadata | grep -Po 'project_id": "\K[^"]*')
|
||||||
echo auth_id=$auth_id
|
echo auth_id=$auth_id
|
||||||
vendordata=$(cat /mnt/config/openstack/latest/vendor_data2.json)
|
vendordata=$(cat /mnt/config/openstack/latest/vendor_data2.json)
|
||||||
api=$(echo $vendordata | grep -Po '"api_endpoint": \K[^"]*')
|
api=$(echo $vendordata | grep -Po '"api_endpoint": "\K[^"]*')
|
||||||
url=$api/noauth/revokeduserkeys/$auth_id
|
url=$api/noauth/revokeduserkeys/$auth_id
|
||||||
echo Fetching revoked user keys from Tatu API at $url
|
echo Fetching revoked user keys from Tatu API at $url
|
||||||
response=$(curl -s -w "%{http_code}" $url)
|
response=$(curl -s -w "%{http_code}" $url)
|
||||||
|
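Review bot: `api` is used to build `url` without checking that the corrected pattern matched anything, at both `api=$(echo $vendordata | grep -Po ...)` lines (the host-certificate script and the revoked-user-keys script). If `api_endpoint` is missing or vendordata is malformed, curl is called against `/noauth/hostcerts` or `/noauth/revokeduserkeys/$auth_id` with no host. A guard such as `[ -n "$api" ] || { echo "api_endpoint missing from vendordata"; exit 1; }` after each assignment, plus quoting `"$url"` in the curl calls, would make the failure explicit. The POST body carries `token_id`, so it is also worth confirming the endpoint scheme is https before sending. Both scripts continue outside the visible hunks.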
@ -10,6 +10,8 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
from castellan.common import utils as castellan_utils
|
||||||
|
from castellan.options import set_defaults as set_castellan_defaults
|
||||||
from designateclient.v2 import client as designate_client
|
from designateclient.v2 import client as designate_client
|
||||||
from keystoneauth1 import session as keystone_session
|
from keystoneauth1 import session as keystone_session
|
||||||
from keystoneauth1.identity import v3
|
from keystoneauth1.identity import v3
|
||||||
@ -19,7 +21,6 @@ from neutronclient.v2_0 import client as neutron_client
|
|||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_context import context
|
from oslo_context import context
|
||||||
from oslo_log import log as logging
|
from oslo_log import log as logging
|
||||||
from castellan.options import set_defaults as set_castellan_defaults
|
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
@ -106,5 +107,4 @@ if CONF.tatu.use_pat_bastions:
|
|||||||
DRAGONFLOW = api_nb.NbApi.get_instance(False)
|
DRAGONFLOW = api_nb.NbApi.get_instance(False)
|
||||||
|
|
||||||
# Create a context for use by Castellan
|
# Create a context for use by Castellan
|
||||||
CONTEXT = context.RequestContext(auth_token=auth.get_token(session),
|
CONTEXT = castellan_utils.credential_factory(conf=CONF)
|
||||||
tenant=auth.get_project_id(session))
|
|
||||||
|
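Review bot: `CONTEXT = castellan_utils.credential_factory(conf=CONF)` runs at import time and depends entirely on the `[key_manager]` options, yet nothing here checks or documents that they must be set. Castellan is expected to raise on a missing or unrecognised `auth_type`, which would presumably surface as an import failure of this module on deployments whose config predates this change. A comment above the assignment would make the requirement visible: `# Requires [key_manager] auth_type=keystone_password with auth_url, user_id, password and project_id set`. The `from oslo_context import context` import kept in the earlier hunk looks unused now that `context.RequestContext` is gone, unless the name is referenced elsewhere in the file.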