Use service tokens in ironic
Change-Id: I738f605182cc7336ca2a363a51f8ae360536d5cc
This commit is contained in:
parent
5b6312f620
commit
0575e5da1a
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Ironic
|
description: OpenStack-Helm Ironic
|
||||||
name: ironic
|
name: ironic
|
||||||
version: 0.2.17
|
version: 0.2.18
|
||||||
home: https://docs.openstack.org/ironic/latest/
|
home: https://docs.openstack.org/ironic/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Ironic/OpenStack_Project_Ironic_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Ironic/OpenStack_Project_Ironic_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -47,6 +47,32 @@ limitations under the License.
|
|||||||
{{- $_ := set .Values.conf.ironic.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
|
{{- $_ := set .Values.conf.ironic.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- if .Values.conf.ironic.service_user.send_service_user_token -}}
|
||||||
|
|
||||||
|
{{- if empty .Values.conf.ironic.service_user.auth_url -}}
|
||||||
|
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ironic.service_user "auth_url" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ironic.service_user.region_name -}}
|
||||||
|
{{- $_ := set .Values.conf.ironic.service_user "region_name" .Values.endpoints.identity.auth.ironic.region_name -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ironic.service_user.project_name -}}
|
||||||
|
{{- $_ := set .Values.conf.ironic.service_user "project_name" .Values.endpoints.identity.auth.ironic.project_name -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ironic.service_user.project_domain_name -}}
|
||||||
|
{{- $_ := set .Values.conf.ironic.service_user "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ironic.service_user.user_domain_name -}}
|
||||||
|
{{- $_ := set .Values.conf.ironic.service_user "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ironic.service_user.username -}}
|
||||||
|
{{- $_ := set .Values.conf.ironic.service_user "username" .Values.endpoints.identity.auth.ironic.username -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.ironic.service_user.password -}}
|
||||||
|
{{- $_ := set .Values.conf.ironic.service_user "password" .Values.endpoints.identity.auth.ironic.password -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- if empty .Values.conf.ironic.database.connection -}}
|
{{- if empty .Values.conf.ironic.database.connection -}}
|
||||||
{{- $_ := tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" -}}
|
{{- $_ := tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
@ -119,6 +119,8 @@ conf:
|
|||||||
inspector:
|
inspector:
|
||||||
auth_type: password
|
auth_type: password
|
||||||
keystone_authtoken:
|
keystone_authtoken:
|
||||||
|
service_token_roles: service
|
||||||
|
service_token_roles_required: true
|
||||||
auth_type: password
|
auth_type: password
|
||||||
auth_version: v3
|
auth_version: v3
|
||||||
neutron:
|
neutron:
|
||||||
@ -136,6 +138,9 @@ conf:
|
|||||||
ipxe_enabled: true
|
ipxe_enabled: true
|
||||||
service_catalog:
|
service_catalog:
|
||||||
auth_type: password
|
auth_type: password
|
||||||
|
service_user:
|
||||||
|
auth_type: password
|
||||||
|
send_service_user_token: true
|
||||||
swift:
|
swift:
|
||||||
auth_url: null
|
auth_url: null
|
||||||
oslo_policy:
|
oslo_policy:
|
||||||
@ -471,7 +476,7 @@ endpoints:
|
|||||||
user_domain_name: default
|
user_domain_name: default
|
||||||
project_domain_name: default
|
project_domain_name: default
|
||||||
glance:
|
glance:
|
||||||
role: admin
|
role: admin,service
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
username: glance
|
username: glance
|
||||||
password: password
|
password: password
|
||||||
@ -479,7 +484,7 @@ endpoints:
|
|||||||
user_domain_name: service
|
user_domain_name: service
|
||||||
project_domain_name: service
|
project_domain_name: service
|
||||||
ironic:
|
ironic:
|
||||||
role: admin
|
role: admin,service
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
username: ironic
|
username: ironic
|
||||||
password: password
|
password: password
|
||||||
|
@ -21,4 +21,5 @@ ironic:
|
|||||||
- 0.2.15 Allow enabling/disabling of conductor http and pxe containers and overriding their init and runtime scripts
|
- 0.2.15 Allow enabling/disabling of conductor http and pxe containers and overriding their init and runtime scripts
|
||||||
- 0.2.16 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default
|
- 0.2.16 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default
|
||||||
- 0.2.17 Allow overriding of hostNetwork and hostIPC for Ironic conductor
|
- 0.2.17 Allow overriding of hostNetwork and hostIPC for Ironic conductor
|
||||||
|
- 0.2.18 Use service tokens
|
||||||
...
|
...
|
||||||
|
Loading…
Reference in New Issue
Block a user