From 1c85fdc390e05eb578874e77fad9d4ec942da791 Mon Sep 17 00:00:00 2001 From: portdirect Date: Sun, 4 Mar 2018 08:23:33 -0500 Subject: [PATCH] Keystone Authtoken Cache: allow universal secret key to be set This PS allows a cache secret key for all instances of keystone middleware to be defined in a single location. Change-Id: I3d5c78732d8a8bb9110117130f0d886fea609526 Partial-Bug: 1753251 --- barbican/templates/configmap-etc.yaml | 8 +-- barbican/values.yaml | 8 +++ ceilometer/templates/configmap-etc.yaml | 3 + ceilometer/values.yaml | 7 ++ cinder/templates/configmap-etc.yaml | 8 +-- cinder/values.yaml | 7 ++ congress/templates/configmap-etc.yaml | 3 + congress/values.yaml | 7 ++ glance/templates/configmap-etc.yaml | 14 ++-- glance/values.yaml | 7 ++ gnocchi/templates/configmap-etc.yaml | 3 +- gnocchi/values.yaml | 7 ++ heat/templates/configmap-etc.yaml | 7 +- heat/values.yaml | 7 ++ ironic/templates/configmap-etc.yaml | 3 + ironic/values.yaml | 7 ++ magnum/templates/configmap-etc.yaml | 8 +-- magnum/values.yaml | 7 ++ mistral/templates/configmap-etc.yaml | 8 +-- mistral/values.yaml | 7 ++ neutron/templates/configmap-etc.yaml | 8 +-- neutron/values.yaml | 85 +++++++++++++------------ nova/templates/configmap-etc.yaml | 8 +-- nova/values.yaml | 7 ++ rally/templates/configmap-etc.yaml | 3 + rally/values.yaml | 3 + senlin/templates/configmap-etc.yaml | 8 +-- senlin/values.yaml | 7 ++ 28 files changed, 177 insertions(+), 88 deletions(-) diff --git a/barbican/templates/configmap-etc.yaml b/barbican/templates/configmap-etc.yaml index 9688041cf9..baf4fbba49 100644 --- a/barbican/templates/configmap-etc.yaml +++ b/barbican/templates/configmap-etc.yaml 
@@ -25,11 +25,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.barbican.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.barbican.keystone_authtoken.region_name -}} {{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.barbican.region_name | quote | trunc 0 -}} {{- end -}} @@ -52,6 +47,9 @@ limitations under the License. {{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.barbican.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}} {{- tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}} diff --git a/barbican/values.yaml b/barbican/values.yaml index 0fe9fdc889..42d875020a 100644 --- a/barbican/values.yaml +++ b/barbican/values.yaml @@ -389,6 +389,7 @@ conf: auth_type: password auth_version: v3 memcache_security_strategy: ENCRYPT + memcache_secret_key: null database: max_retries: -1 barbican_api: 
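Review bot: In the `@@ -52,6 +47,9 @@` hunk of barbican/templates/configmap-etc.yaml, the fallback `default ( randAlphaNum 64 )` is evaluated on every render, so when `endpoints.oslo_cache.auth.memcache_secret_key` stays `null` each chart, and each upgrade of the same chart, gets a different key and the shared token cache this patch is meant to enable silently does not happen. I would add a template comment above the block saying so, e.g. `{{/* falls back to a per-render random key; set endpoints.oslo_cache.auth.memcache_secret_key to share the authtoken cache */}}`. The file name suggests the value is rendered into a ConfigMap rather than a Secret (the rest of the template is outside the hunk, so this is inferred); if so, an operator-supplied key is readable by anyone who can read ConfigMaps in the namespace, which is worth stating next to the NOTE in values.yaml. The same added lines appear in the ceilometer, cinder, congress, glance, gnocchi, heat, ironic, magnum, mistral, neutron, nova, rally and senlin templates.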
@@ -492,6 +493,13 @@ endpoints: http: default: 15672 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/ceilometer/templates/configmap-etc.yaml b/ceilometer/templates/configmap-etc.yaml index 892e44d5db..da0d74fe27 100644 --- a/ceilometer/templates/configmap-etc.yaml +++ b/ceilometer/templates/configmap-etc.yaml @@ -28,6 +28,9 @@ limitations under the License. {{- if empty .Values.conf.ceilometer.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ceilometer.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.ceilometer.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.ceilometer.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.ceilometer.database.connection -}} {{- tuple "oslo_db" "internal" "ceilometer" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" | quote | trunc 0 -}} diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml index ea05c9f5ea..465a4a6945 100644 --- a/ceilometer/values.yaml +++ b/ceilometer/values.yaml 
@@ -1767,6 +1767,13 @@ endpoints: mongodb: default: 27017 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcache host_fqdn_override: diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml index 1dc3144225..35a4477b06 100644 --- a/cinder/templates/configmap-etc.yaml +++ b/cinder/templates/configmap-etc.yaml @@ -25,11 +25,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.cinder.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.cinder.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.cinder.keystone_authtoken.region_name -}} {{- set .Values.conf.cinder.keystone_authtoken "region_name" .Values.endpoints.identity.auth.cinder.region_name | quote | trunc 0 -}} {{- end -}} 
@@ -52,6 +47,9 @@ limitations under the License. {{- if empty .Values.conf.cinder.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.cinder.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.cinder.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.cinder.database.connection -}} {{- tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" | quote | trunc 0 -}} diff --git a/cinder/values.yaml b/cinder/values.yaml index 70fca277ad..36d398ba0f 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -795,6 +795,13 @@ endpoints: http: default: 15672 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/congress/templates/configmap-etc.yaml b/congress/templates/configmap-etc.yaml index bf9c5a8ab7..169524f814 100644 --- a/congress/templates/configmap-etc.yaml +++ b/congress/templates/configmap-etc.yaml 
@@ -28,6 +28,9 @@ limitations under the License. {{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.congress.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.congress.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.congress.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.congress.keystone_authtoken.auth_url -}} {{- tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.congress.keystone_authtoken "auth_url" | quote | trunc 0 -}} diff --git a/congress/values.yaml b/congress/values.yaml index a28c8f0861..0d440e8bca 100644 --- a/congress/values.yaml +++ b/congress/values.yaml @@ -241,6 +241,13 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml index 79f50d9b08..bf90267a37 100644 --- a/glance/templates/configmap-etc.yaml +++ b/glance/templates/configmap-etc.yaml 
@@ -31,14 +31,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance_registry.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.glance.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.glance.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} -{{- if empty .Values.conf.glance_registry.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.glance_registry.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.glance.keystone_authtoken.region_name -}} {{- set .Values.conf.glance.keystone_authtoken "region_name" .Values.endpoints.identity.auth.glance.region_name | quote | trunc 0 -}} {{- end -}} 
@@ -83,6 +75,12 @@ limitations under the License. {{- if empty .Values.conf.glance_registry.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance_registry.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.glance.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.glance.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.glance_registry.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.glance_registry.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.glance.database.connection -}} {{- tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" | quote | trunc 0 -}} diff --git a/glance/values.yaml b/glance/values.yaml index 7393eb7e4e..ac08ada028 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -493,6 +493,13 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/gnocchi/templates/configmap-etc.yaml b/gnocchi/templates/configmap-etc.yaml index 4f804796b2..b25fa323dd 100644 --- a/gnocchi/templates/configmap-etc.yaml +++ b/gnocchi/templates/configmap-etc.yaml 
@@ -27,9 +27,8 @@ limitations under the License. {{- if empty .Values.conf.gnocchi.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.gnocchi.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. {{- if empty .Values.conf.gnocchi.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.gnocchi.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} +{{- set .Values.conf.gnocchi.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.gnocchi.keystone_authtoken.region_name -}} diff --git a/gnocchi/values.yaml b/gnocchi/values.yaml index 0ca9a2d0ad..a29f56e10b 100644 --- a/gnocchi/values.yaml +++ b/gnocchi/values.yaml @@ -462,6 +462,13 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcache host_fqdn_override: diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml index c43d15c7b1..8a7f6a8aa8 100644 --- a/heat/templates/configmap-etc.yaml +++ b/heat/templates/configmap-etc.yaml 
@@ -25,10 +25,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.heat.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.heat.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.heat.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} {{- if empty .Values.conf.heat.keystone_authtoken.region_name -}} {{- set .Values.conf.heat.keystone_authtoken "region_name" .Values.endpoints.identity.auth.heat.region_name | quote | trunc 0 -}} {{- end -}} @@ -80,6 +76,9 @@ limitations under the License. {{- if empty .Values.conf.heat.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.heat.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.heat.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.heat.database.connection -}} {{- tuple "oslo_db" "internal" "heat" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" | quote | trunc 0 -}} diff --git a/heat/values.yaml b/heat/values.yaml index d8848e1e64..940fddec2d 100644 --- a/heat/values.yaml +++ b/heat/values.yaml 
@@ -509,6 +509,13 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/ironic/templates/configmap-etc.yaml b/ironic/templates/configmap-etc.yaml index 2662983210..276289d9b6 100644 --- a/ironic/templates/configmap-etc.yaml +++ b/ironic/templates/configmap-etc.yaml @@ -45,6 +45,9 @@ limitations under the License. {{- if empty .Values.conf.ironic.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ironic.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.ironic.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.ironic.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.ironic.database.connection -}} {{- tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" | quote | trunc 0 -}} diff --git a/ironic/values.yaml b/ironic/values.yaml index 66cda3da71..e0f35d108f 100644 --- a/ironic/values.yaml +++ b/ironic/values.yaml 
@@ -335,6 +335,13 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/magnum/templates/configmap-etc.yaml b/magnum/templates/configmap-etc.yaml index 9f81f63e00..4923766ecd 100644 --- a/magnum/templates/configmap-etc.yaml +++ b/magnum/templates/configmap-etc.yaml @@ -25,11 +25,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.magnum.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.magnum.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.magnum.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.magnum.keystone_authtoken.region_name -}} {{- set .Values.conf.magnum.keystone_authtoken "region_name" .Values.endpoints.identity.auth.magnum.region_name | quote | trunc 0 -}} {{- end -}} 
@@ -52,6 +47,9 @@ limitations under the License. {{- if empty .Values.conf.magnum.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.magnum.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.magnum.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.magnum.database.connection -}} {{- tuple "oslo_db" "internal" "magnum" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" | quote | trunc 0 -}} diff --git a/magnum/values.yaml b/magnum/values.yaml index 82c608f948..18c493dd42 100644 --- a/magnum/values.yaml +++ b/magnum/values.yaml @@ -273,6 +273,13 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/mistral/templates/configmap-etc.yaml b/mistral/templates/configmap-etc.yaml index 447a01ef97..6782175a44 100644 --- a/mistral/templates/configmap-etc.yaml +++ b/mistral/templates/configmap-etc.yaml 
@@ -25,11 +25,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.mistral.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.mistral.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.mistral.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.mistral.keystone_authtoken.region_name -}} {{- set .Values.conf.mistral.keystone_authtoken "region_name" .Values.endpoints.identity.auth.mistral.region_name | quote | trunc 0 -}} {{- end -}} @@ -52,6 +47,9 @@ limitations under the License. {{- if empty .Values.conf.mistral.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.mistral.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.mistral.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.mistral.database.connection -}} {{- tuple "oslo_db" "internal" "mistral" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" | quote | trunc 0 -}} diff --git a/mistral/values.yaml b/mistral/values.yaml index b0dc5741bd..1a8198cd6c 100644 --- a/mistral/values.yaml +++ b/mistral/values.yaml 
@@ -246,6 +246,13 @@ endpoints: http: default: 15672 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml index 069599e3a3..f5bec14668 100644 --- a/neutron/templates/configmap-etc.yaml +++ b/neutron/templates/configmap-etc.yaml @@ -25,11 +25,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.neutron.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end }} -# Set a random string as secret key. -{{- if empty .Values.conf.neutron.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.neutron.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.neutron.keystone_authtoken.project_name -}} {{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.neutron.project_name | quote | trunc 0 -}} {{- end -}} 
@@ -52,6 +47,9 @@ limitations under the License. {{- if empty .Values.conf.neutron.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.neutron.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end }} +{{- if empty .Values.conf.neutron.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.neutron.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.neutron.database.connection -}} {{- tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}} diff --git a/neutron/values.yaml b/neutron/values.yaml index 509a4c200c..0e95d8b67e 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml 
@@ -1073,49 +1073,56 @@ secrets: endpoints: cluster_domain_suffix: cluster.local oslo_db: - auth: - admin: - username: root - password: password - neutron: - username: neutron - password: password - hosts: - default: mariadb - host_fqdn_override: - default: null - path: /neutron - scheme: mysql+pymysql - port: - mysql: - default: 3306 + auth: + admin: + username: root + password: password + neutron: + username: neutron + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /neutron + scheme: mysql+pymysql + port: + mysql: + default: 3306 oslo_messaging: - auth: - admin: + auth: + admin: username: rabbitmq password: password - neutron: - username: neutron - password: password - hosts: - default: rabbitmq - host_fqdn_override: - default: null - path: / - scheme: rabbit - port: - amqp: - default: 5672 - http: - default: 15672 + neutron: + username: neutron + password: password + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: / + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 oslo_cache: - hosts: - default: memcached - host_fqdn_override: - default: null - port: - memcache: - default: 11211 + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 compute: name: nova hosts: diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml index a0b12a00b8..9447efeb49 100644 --- a/nova/templates/configmap-etc.yaml +++ b/nova/templates/configmap-etc.yaml 
@@ -26,11 +26,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.nova.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.nova.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.nova.keystone_authtoken.region_name -}} {{- set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.nova.region_name | quote | trunc 0 -}} {{- end -}} @@ -53,6 +48,9 @@ limitations under the License. {{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.nova.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.nova.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.nova.database.connection -}} {{- tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" | quote | trunc 0 -}} diff --git a/nova/values.yaml b/nova/values.yaml index 3acc561dfa..7bf8651d51 100644 --- a/nova/values.yaml +++ b/nova/values.yaml 
@@ -1140,6 +1140,13 @@ endpoints: http: default: 15672 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/rally/templates/configmap-etc.yaml b/rally/templates/configmap-etc.yaml index 9b235cac1a..c6fb44e04e 100644 --- a/rally/templates/configmap-etc.yaml +++ b/rally/templates/configmap-etc.yaml @@ -44,6 +44,9 @@ limitations under the License. {{- if empty .Values.conf.rally.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.rally.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.rally.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.rally.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.rally.database.connection -}} {{- tuple "oslo_db" "internal" "rally" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" | quote | trunc 0 -}} diff --git a/rally/values.yaml b/rally/values.yaml index 753fc6c50c..6319d2a046 100644 --- a/rally/values.yaml +++ b/rally/values.yaml @@ -251,6 +251,9 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + keystone_authtoken: + secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/senlin/templates/configmap-etc.yaml b/senlin/templates/configmap-etc.yaml index aa32fcd676..0dcb3a97d4 100644 --- a/senlin/templates/configmap-etc.yaml +++ b/senlin/templates/configmap-etc.yaml 
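Review bot: The keys added in the `@@ -251,6 +251,9 @@` hunk of rally/values.yaml are `auth: keystone_authtoken: secret_key: null`, but rally/templates/configmap-etc.yaml in this same patch reads `.Values.endpoints.oslo_cache.auth.memcache_secret_key`. A key set at the path values.yaml offers is never read, so rally silently falls back to `randAlphaNum 64` and does not share the cache key with the other services. The two nested lines should be replaced by `memcache_secret_key: null` directly under `auth:`, with the same NOTE(portdirect) comment the other charts carry.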
@@ -26,11 +26,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.senlin.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.senlin.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.senlin.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.senlin.keystone_authtoken.region_name -}} {{- set .Values.conf.senlin.keystone_authtoken "region_name" .Values.endpoints.identity.auth.senlin.region_name | quote | trunc 0 -}} {{- end -}} @@ -53,6 +48,9 @@ limitations under the License. {{- if empty .Values.conf.senlin.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.senlin.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.senlin.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.senlin.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.senlin.database.connection -}} {{- tuple "oslo_db" "internal" "senlin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" | quote | trunc 0 -}} diff --git a/senlin/values.yaml b/senlin/values.yaml index 43b69d6780..eaea61c614 100644 --- a/senlin/values.yaml +++ b/senlin/values.yaml 
@@ -286,6 +286,13 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: