Use service tokens in ironic

Change-Id: I738f605182cc7336ca2a363a51f8ae360536d5cc
okozachenko 2024-08-08 12:22:04 +10:00
parent 5b6312f620
commit 0575e5da1a
4 changed files with 35 additions and 3 deletions


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Ironic description: OpenStack-Helm Ironic
name: ironic name: ironic
version: 0.2.17 version: 0.2.18
home: https://docs.openstack.org/ironic/latest/ home: https://docs.openstack.org/ironic/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Ironic/OpenStack_Project_Ironic_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Ironic/OpenStack_Project_Ironic_vertical.png
sources: sources:


@ -47,6 +47,32 @@ limitations under the License.
{{- $_ := set .Values.conf.ironic.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}} {{- $_ := set .Values.conf.ironic.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}} {{- end -}}
{{- if .Values.conf.ironic.service_user.send_service_user_token -}}
{{- if empty .Values.conf.ironic.service_user.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ironic.service_user "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.service_user.region_name -}}
{{- $_ := set .Values.conf.ironic.service_user "region_name" .Values.endpoints.identity.auth.ironic.region_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.service_user.project_name -}}
{{- $_ := set .Values.conf.ironic.service_user "project_name" .Values.endpoints.identity.auth.ironic.project_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.service_user.project_domain_name -}}
{{- $_ := set .Values.conf.ironic.service_user "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.service_user.user_domain_name -}}
{{- $_ := set .Values.conf.ironic.service_user "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.service_user.username -}}
{{- $_ := set .Values.conf.ironic.service_user "username" .Values.endpoints.identity.auth.ironic.username -}}
{{- end -}}
{{- if empty .Values.conf.ironic.service_user.password -}}
{{- $_ := set .Values.conf.ironic.service_user "password" .Values.endpoints.identity.auth.ironic.password -}}
{{- end -}}
{{- end -}}
{{- if empty .Values.conf.ironic.database.connection -}} {{- if empty .Values.conf.ironic.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" -}}
{{- end -}} {{- end -}}
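Review bot: The added block copies `.Values.endpoints.identity.auth.ironic.password` into `conf.ironic.service_user`, so the rendered ironic.conf gains another plaintext copy of the Keystone password, and the hunk does not show what kind of object that file is rendered into. If the template emits a Secret this matches the existing handling of `memcache_secret_key`; if it emits a ConfigMap, the credential is readable by anyone with ConfigMap read access in the namespace, so that should be confirmed outside the hunk. The block also has no comment explaining the fallback order; I would add `{{- /* Fill unset [service_user] options from the ironic Keystone identity; explicitly set conf values win. */ -}}` above the `if .Values.conf.ironic.service_user.send_service_user_token` line.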


@ -119,6 +119,8 @@ conf:
inspector: inspector:
auth_type: password auth_type: password
keystone_authtoken: keystone_authtoken:
service_token_roles: service
service_token_roles_required: true
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
neutron: neutron:
@ -136,6 +138,9 @@ conf:
ipxe_enabled: true ipxe_enabled: true
service_catalog: service_catalog:
auth_type: password auth_type: password
service_user:
auth_type: password
send_service_user_token: true
swift: swift:
auth_url: null auth_url: null
oslo_policy: oslo_policy:
@ -471,7 +476,7 @@ endpoints:
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
glance: glance:
role: admin role: admin,service
region_name: RegionOne region_name: RegionOne
username: glance username: glance
password: password password: password
@ -479,7 +484,7 @@ endpoints:
user_domain_name: service user_domain_name: service
project_domain_name: service project_domain_name: service
ironic: ironic:
role: admin role: admin,service
region_name: RegionOne region_name: RegionOne
username: ironic username: ironic
password: password password: password
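Review bot: The `ironic` identity now holds `admin,service` and, through the new `service_user` section, is also the account that sends service tokens, so a single credential carries both admin rights and the role that `service_token_roles: service` tells the token middleware to trust. A dedicated account holding only `service` for `[service_user]` would keep the two apart; if the reuse is intentional, a comment such as `# ironic user doubles as the [service_user] identity, hence the extra service role` on the `role:` line would record why. The `glance` entry gets the same role change, but nothing in this diff shows those credentials being used to send a service token, so that line may be unnecessary. Whether the user-creation job accepts a comma-separated `role` value is not visible here and should be confirmed.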


@ -21,4 +21,5 @@ ironic:
- 0.2.15 Allow enabling/disabling of conductor http and pxe containers and overriding their init and runtime scripts - 0.2.15 Allow enabling/disabling of conductor http and pxe containers and overriding their init and runtime scripts
- 0.2.16 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default - 0.2.16 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default
- 0.2.17 Allow overriding of hostNetwork and hostIPC for Ironic conductor - 0.2.17 Allow overriding of hostNetwork and hostIPC for Ironic conductor
- 0.2.18 Use service tokens
... ...