diff --git a/barbican/templates/configmap-etc.yaml b/barbican/templates/configmap-etc.yaml
index 881775feeb..860ee8ea07 100644
--- a/barbican/templates/configmap-etc.yaml
+++ b/barbican/templates/configmap-etc.yaml
@@ -25,11 +25,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}
-# Set a random string as secret key.
-{{- if empty .Values.conf.barbican.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.barbican.keystone_authtoken.region_name -}}
 {{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.barbican.region_name | quote | trunc 0 -}}
 {{- end -}}
@@ -52,6 +47,9 @@ limitations under the License.
 {{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.barbican.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
 {{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}}
 {{- tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}}
diff --git a/barbican/values.yaml b/barbican/values.yaml
index 8d1a5271b4..5afedb3b42 100644
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
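Review bot: The `randAlphaNum 64` fallback in the added `memcache_secret_key` block (second hunk of barbican/templates/configmap-etc.yaml) is evaluated on every render, so when neither `conf.barbican.keystone_authtoken.memcache_secret_key` nor `endpoints.oslo_cache.auth.memcache_secret_key` is set, each upgrade presumably produces a new key and each chart ends up with a different one. With `memcache_security_strategy: ENCRYPT` and a shared memcached, entries written under another key are likely unreadable, which defeats the shared cache this change is aiming for. The same line is added to the other charts' `configmap-etc.yaml` in this change. The removed `# Set a random string as secret key.` comment is not replaced; I would add `{{/* conf value wins, then endpoints.oslo_cache.auth.memcache_secret_key; otherwise a random key that changes on every render */}}` above the block.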
@@ -389,6 +389,7 @@ conf:
 auth_type: password
 auth_version: v3
 memcache_security_strategy: ENCRYPT
+ memcache_secret_key: null
 database:
 max_retries: -1
 barbican_api:
@@ -494,6 +495,13 @@ endpoints:
 http:
 default: 15672
 oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
 hosts:
 default: memcached
 host_fqdn_override:
diff --git a/ceilometer/templates/configmap-etc.yaml b/ceilometer/templates/configmap-etc.yaml
index 892e44d5db..da0d74fe27 100644
--- a/ceilometer/templates/configmap-etc.yaml
+++ b/ceilometer/templates/configmap-etc.yaml
@@ -28,6 +28,9 @@ limitations under the License.
 {{- if empty .Values.conf.ceilometer.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ceilometer.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.ceilometer.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.ceilometer.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
 {{- if empty .Values.conf.ceilometer.database.connection -}}
 {{- tuple "oslo_db" "internal" "ceilometer" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" | quote | trunc 0 -}}
diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml
index 099ea7a123..e14819974a 100644
--- a/ceilometer/values.yaml
+++ b/ceilometer/values.yaml
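Review bot: The NOTE on `endpoints.oslo_cache.auth.memcache_secret_key` (second hunk of barbican/values.yaml) does not say that the value is an encryption key and has to be handled as a secret. The templates that consume it are named `configmap-etc.yaml`, so the key presumably ends up in a ConfigMap rather than a Secret, where anyone allowed to read ConfigMaps in the namespace can see it; that is worth confirming against the rendered manifest. I would add a line to the comment such as `# This value is a secret: supply it from a protected override, never commit a real key here.` The same comment block is repeated in the other charts' values.yaml.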
@@ -1752,6 +1752,13 @@ endpoints:
 mongodb:
 default: 27017
 oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
 hosts:
 default: memcache
 host_fqdn_override:
diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml
index 63ea5ed167..c889bbbaca 100644
--- a/cinder/templates/configmap-etc.yaml
+++ b/cinder/templates/configmap-etc.yaml
@@ -25,11 +25,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}
-# Set a random string as secret key.
-{{- if empty .Values.conf.cinder.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.cinder.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.cinder.keystone_authtoken.region_name -}}
 {{- set .Values.conf.cinder.keystone_authtoken "region_name" .Values.endpoints.identity.auth.cinder.region_name | quote | trunc 0 -}}
 {{- end -}}
@@ -52,6 +47,9 @@ limitations under the License.
 {{- if empty .Values.conf.cinder.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.cinder.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.cinder.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
 {{- if empty .Values.conf.cinder.database.connection -}}
 {{- tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" | quote | trunc 0 -}}
diff --git a/cinder/values.yaml b/cinder/values.yaml
index 2377c7016a..65b613bf3b 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -797,6 +797,13 @@ endpoints:
 http:
 default: 15672
 oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
 hosts:
 default: memcached
 host_fqdn_override:
diff --git a/congress/templates/configmap-etc.yaml b/congress/templates/configmap-etc.yaml
index ebd3fe0873..af954667f8 100644
--- a/congress/templates/configmap-etc.yaml
+++ b/congress/templates/configmap-etc.yaml
@@ -28,6 +28,9 @@ limitations under the License.
 {{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.congress.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.congress.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.congress.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
 {{- if empty .Values.conf.congress.keystone_authtoken.auth_url -}}
 {{- tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.congress.keystone_authtoken "auth_url" | quote | trunc 0 -}}
diff --git a/congress/values.yaml b/congress/values.yaml
index 5209aafba1..c3457d79e0 100644
--- a/congress/values.yaml
+++ b/congress/values.yaml
@@ -241,6 +241,13 @@ endpoints:
 mysql:
 default: 3306
 oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
 hosts:
 default: memcached
 host_fqdn_override:
diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml
index 79f50d9b08..bf90267a37 100644
--- a/glance/templates/configmap-etc.yaml
+++ b/glance/templates/configmap-etc.yaml
@@ -31,14 +31,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance_registry.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}
-# Set a random string as secret key.
-{{- if empty .Values.conf.glance.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.glance.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-{{- if empty .Values.conf.glance_registry.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.glance_registry.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.glance.keystone_authtoken.region_name -}}
 {{- set .Values.conf.glance.keystone_authtoken "region_name" .Values.endpoints.identity.auth.glance.region_name | quote | trunc 0 -}}
 {{- end -}}
@@ -83,6 +75,12 @@ limitations under the License.
 {{- if empty .Values.conf.glance_registry.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance_registry.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.glance.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.glance.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
+{{- if empty .Values.conf.glance_registry.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.glance_registry.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
 {{- if empty .Values.conf.glance.database.connection -}}
 {{- tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" | quote | trunc 0 -}}
diff --git a/glance/values.yaml b/glance/values.yaml
index 7393eb7e4e..ac08ada028 100644
--- a/glance/values.yaml
+++ b/glance/values.yaml
@@ -493,6 +493,13 @@ endpoints:
 mysql:
 default: 3306
 oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
 hosts:
 default: memcached
 host_fqdn_override:
diff --git a/gnocchi/templates/configmap-etc.yaml b/gnocchi/templates/configmap-etc.yaml
index ef42d8c15e..72c136eddd 100644
--- a/gnocchi/templates/configmap-etc.yaml
+++ b/gnocchi/templates/configmap-etc.yaml
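Review bot: The two blocks added in the second hunk of glance/templates/configmap-etc.yaml each call `randAlphaNum 64`, so when `endpoints.oslo_cache.auth.memcache_secret_key` is unset, `conf.glance` and `conf.glance_registry` receive different keys inside the same release. Computing the fallback once keeps the two services consistent: `{{- $memcache_key := default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key -}}`, then pass `$memcache_key` as the value in both `set` calls.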
@@ -27,9 +27,8 @@ limitations under the License.
 {{- if empty .Values.conf.gnocchi.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.gnocchi.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
-# Set a random string as secret key.
 {{- if empty .Values.conf.gnocchi.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.gnocchi.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
+{{- set .Values.conf.gnocchi.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
 {{- end -}}
 {{- if empty .Values.conf.gnocchi.keystone_authtoken.region_name -}}
diff --git a/gnocchi/values.yaml b/gnocchi/values.yaml
index da75683e67..6d6f7293ba 100644
--- a/gnocchi/values.yaml
+++ b/gnocchi/values.yaml
@@ -479,6 +479,13 @@ endpoints:
 mysql:
 default: 3306
 oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
 hosts:
 default: memcache
 host_fqdn_override:
diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml
index 13e98a5ccf..305f35ed09 100644
--- a/heat/templates/configmap-etc.yaml
+++ b/heat/templates/configmap-etc.yaml
@@ -25,10 +25,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.heat.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}
-# Set a random string as secret key.
-{{- if empty .Values.conf.heat.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.heat.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
 {{- if empty .Values.conf.heat.keystone_authtoken.region_name -}}
 {{- set .Values.conf.heat.keystone_authtoken "region_name" .Values.endpoints.identity.auth.heat.region_name | quote | trunc 0 -}}
 {{- end -}}
@@ -80,6 +76,9 @@ limitations under the License.
 {{- if empty .Values.conf.heat.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.heat.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.heat.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
 {{- if empty .Values.conf.heat.database.connection -}}
 {{- tuple "oslo_db" "internal" "heat" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" | quote | trunc 0 -}}
diff --git a/heat/values.yaml b/heat/values.yaml
index 3214b4d45d..765f06fb05 100644
--- a/heat/values.yaml
+++ b/heat/values.yaml
@@ -515,6 +515,13 @@ endpoints:
 mysql:
 default: 3306
 oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
 hosts:
 default: memcached
 host_fqdn_override:
diff --git a/ironic/templates/configmap-etc.yaml b/ironic/templates/configmap-etc.yaml
index 2662983210..276289d9b6 100644
--- a/ironic/templates/configmap-etc.yaml
+++ b/ironic/templates/configmap-etc.yaml
@@ -45,6 +45,9 @@ limitations under the License.
 {{- if empty .Values.conf.ironic.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ironic.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.ironic.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.ironic.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
 {{- if empty .Values.conf.ironic.database.connection -}}
 {{- tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" | quote | trunc 0 -}}
diff --git a/ironic/values.yaml b/ironic/values.yaml
index 66cda3da71..e0f35d108f 100644
--- a/ironic/values.yaml
+++ b/ironic/values.yaml
@@ -335,6 +335,13 @@ endpoints:
 mysql:
 default: 3306
 oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
 hosts:
 default: memcached
 host_fqdn_override:
diff --git a/magnum/templates/configmap-etc.yaml b/magnum/templates/configmap-etc.yaml
index 9f81f63e00..4923766ecd 100644
--- a/magnum/templates/configmap-etc.yaml
+++ b/magnum/templates/configmap-etc.yaml
@@ -25,11 +25,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.magnum.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}
-# Set a random string as secret key.
-{{- if empty .Values.conf.magnum.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.magnum.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.magnum.keystone_authtoken.region_name -}}
 {{- set .Values.conf.magnum.keystone_authtoken "region_name" .Values.endpoints.identity.auth.magnum.region_name | quote | trunc 0 -}}
 {{- end -}}
@@ -52,6 +47,9 @@ limitations under the License.
 {{- if empty .Values.conf.magnum.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.magnum.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.magnum.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
 {{- if empty .Values.conf.magnum.database.connection -}}
 {{- tuple "oslo_db" "internal" "magnum" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" | quote | trunc 0 -}}
diff --git a/magnum/values.yaml b/magnum/values.yaml
index 82c608f948..18c493dd42 100644
--- a/magnum/values.yaml
+++ b/magnum/values.yaml
@@ -273,6 +273,13 @@ endpoints:
 mysql:
 default: 3306
 oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
 hosts:
 default: memcached
 host_fqdn_override:
diff --git a/mistral/templates/configmap-etc.yaml b/mistral/templates/configmap-etc.yaml
index 20198c5939..542b5c7c7b 100644
--- a/mistral/templates/configmap-etc.yaml
+++ b/mistral/templates/configmap-etc.yaml
@@ -25,11 +25,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.mistral.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}
-# Set a random string as secret key.
-{{- if empty .Values.conf.mistral.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.mistral.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.mistral.keystone_authtoken.region_name -}}
 {{- set .Values.conf.mistral.keystone_authtoken "region_name" .Values.endpoints.identity.auth.mistral.region_name | quote | trunc 0 -}}
 {{- end -}}
@@ -52,6 +47,9 @@ limitations under the License.
 {{- if empty .Values.conf.mistral.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.mistral.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.mistral.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
 {{- if empty .Values.conf.mistral.database.connection -}}
 {{- tuple "oslo_db" "internal" "mistral" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" | quote | trunc 0 -}}
diff --git a/mistral/values.yaml b/mistral/values.yaml
index e956bd5ee6..03a9736d1c 100644
--- a/mistral/values.yaml
+++ b/mistral/values.yaml
@@ -246,6 +246,13 @@ endpoints:
 http:
 default: 15672
 oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
 hosts:
 default: memcached
 host_fqdn_override:
diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml
index 9474be967e..2f325ebb3f 100644
--- a/neutron/templates/configmap-etc.yaml
+++ b/neutron/templates/configmap-etc.yaml
@@ -25,11 +25,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.neutron.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end }}
-# Set a random string as secret key.
-{{- if empty .Values.conf.neutron.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.neutron.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.neutron.keystone_authtoken.project_name -}}
 {{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.neutron.project_name | quote | trunc 0 -}}
 {{- end -}}
@@ -52,6 +47,9 @@ limitations under the License.
 {{- if empty .Values.conf.neutron.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.neutron.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end }}
+{{- if empty .Values.conf.neutron.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.neutron.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
 {{- if empty .Values.conf.neutron.database.connection -}}
 {{- tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}}
diff --git a/neutron/values.yaml b/neutron/values.yaml
index 3ffe65bc4f..fd04fd3341 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -1075,49 +1075,56 @@ secrets:
 endpoints:
 cluster_domain_suffix: cluster.local
 oslo_db:
- auth:
- admin:
- username: root
- password: password
- neutron:
- username: neutron
- password: password
- hosts:
- default: mariadb
- host_fqdn_override:
- default: null
- path: /neutron
- scheme: mysql+pymysql
- port:
- mysql:
- default: 3306
+ auth:
+ admin:
+ username: root
+ password: password
+ neutron:
+ username: neutron
+ password: password
+ hosts:
+ default: mariadb
+ host_fqdn_override:
+ default: null
+ path: /neutron
+ scheme: mysql+pymysql
+ port:
+ mysql:
+ default: 3306
 oslo_messaging:
- auth:
- admin:
+ auth:
+ admin:
 username: rabbitmq
 password: password
- neutron:
- username: neutron
- password: password
- hosts:
- default: rabbitmq
- host_fqdn_override:
- default: null
- path: /
- scheme: rabbit
- port:
- amqp:
- default: 5672
- http:
- default: 15672
+ neutron:
+ username: neutron
+ password: password
+ hosts:
+ default: rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /
+ scheme: rabbit
+ port:
+ amqp:
+ default: 5672
+ http:
+ default: 15672
 oslo_cache:
- hosts:
- default: memcached
- host_fqdn_override:
- default: null
- port:
- memcache:
- default: 11211
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
+ hosts:
+ default: memcached
+ host_fqdn_override:
+ default: null
+ port:
+ memcache:
+ default: 11211
 compute:
 name: nova
 hosts:
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
index 195dc573a5..e7663f066e 100644
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
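Review bot: The only functional change in this neutron/values.yaml hunk is the new `oslo_cache.auth` block; every other removed line is re-added with identical text, which looks like a re-indentation of `oslo_db`, `oslo_messaging` and `oslo_cache`. In YAML indentation is structure, so a whitespace-only rewrite of blocks holding credentials and endpoints belongs in its own commit where it can be checked with a whitespace-ignoring diff. Under `oslo_messaging` the `username: rabbitmq` and `password: password` lines stay as context while `admin:` itself is re-indented, so it is worth confirming that the parsed values still nest them under `admin`.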
@@ -26,11 +26,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}
-# Set a random string as secret key.
-{{- if empty .Values.conf.nova.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.nova.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.nova.keystone_authtoken.region_name -}}
 {{- set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.nova.region_name | quote | trunc 0 -}}
 {{- end -}}
@@ -53,6 +48,9 @@ limitations under the License.
 {{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.nova.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.nova.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
 {{- if empty .Values.conf.nova.database.connection -}}
 {{- tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" | quote | trunc 0 -}}
diff --git a/nova/values.yaml b/nova/values.yaml
index b2fd32c0ae..e2f0d92551 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -1138,6 +1138,13 @@ endpoints:
 http:
 default: 15672
 oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
 hosts:
 default: memcached
 host_fqdn_override:
diff --git a/rally/templates/configmap-etc.yaml b/rally/templates/configmap-etc.yaml
index 9b235cac1a..c6fb44e04e 100644
--- a/rally/templates/configmap-etc.yaml
+++ b/rally/templates/configmap-etc.yaml
@@ -44,6 +44,9 @@ limitations under the License.
 {{- if empty .Values.conf.rally.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.rally.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.rally.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.rally.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
 {{- if empty .Values.conf.rally.database.connection -}}
 {{- tuple "oslo_db" "internal" "rally" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" | quote | trunc 0 -}}
diff --git a/rally/values.yaml b/rally/values.yaml
index 753fc6c50c..6319d2a046 100644
--- a/rally/values.yaml
+++ b/rally/values.yaml
@@ -251,6 +251,9 @@ endpoints:
 mysql:
 default: 3306
 oslo_cache:
+ auth:
+ keystone_authtoken:
+ secret_key: null
 hosts:
 default: memcached
 host_fqdn_override:
diff --git a/senlin/templates/configmap-etc.yaml b/senlin/templates/configmap-etc.yaml
index 11fa9dcffb..50e95232df 100644
--- a/senlin/templates/configmap-etc.yaml
+++ b/senlin/templates/configmap-etc.yaml
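Review bot: The key added in rally/values.yaml is `endpoints.oslo_cache.auth.keystone_authtoken.secret_key`, but the rally template in this same change reads `.Values.endpoints.oslo_cache.auth.memcache_secret_key`. A value an operator puts under the key that rally's values.yaml advertises is never read, so the chart silently falls back to `randAlphaNum 64` and rally ends up with a key that differs from the other services. Replacing the added `keystone_authtoken:` and `secret_key: null` lines with `memcache_secret_key: null` directly under `auth:`, together with the NOTE comment used in the other charts, makes rally consistent with them.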
@@ -26,11 +26,6 @@ limitations under the License.
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.senlin.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}
-# Set a random string as secret key.
-{{- if empty .Values.conf.senlin.keystone_authtoken.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.senlin.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
-{{- end -}}
-
 {{- if empty .Values.conf.senlin.keystone_authtoken.region_name -}}
 {{- set .Values.conf.senlin.keystone_authtoken "region_name" .Values.endpoints.identity.auth.senlin.region_name | quote | trunc 0 -}}
 {{- end -}}
@@ -53,6 +48,9 @@ limitations under the License.
 {{- if empty .Values.conf.senlin.keystone_authtoken.memcached_servers -}}
 {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.senlin.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.senlin.keystone_authtoken.memcache_secret_key -}}
+{{- set .Values.conf.senlin.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}}
+{{- end -}}
 {{- if empty .Values.conf.senlin.database.connection -}}
 {{- tuple "oslo_db" "internal" "senlin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" | quote | trunc 0 -}}
diff --git a/senlin/values.yaml b/senlin/values.yaml
index 3660d210d8..356098ec86 100644
--- a/senlin/values.yaml
+++ b/senlin/values.yaml
@@ -288,6 +288,13 @@ endpoints:
 mysql:
 default: 3306
 oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
 hosts:
 default: memcached
 host_fqdn_override: