Revert "Revert "Keystone Authtoken Cache: allow universal secret key to be set""

This reverts commit 90d070390d.

Change-Id: I017c6e9676b872e1aab21f9dc8aa2f93db58d49f
This commit is contained in:
Gage Hugo 2020-02-21 17:12:38 +00:00
parent 8c6269f719
commit f9dbba7043
34 changed files with 168 additions and 0 deletions

View File

@ -53,6 +53,10 @@ limitations under the License.
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.aodh.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.aodh.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.aodh.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.aodh.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.aodh.database.connection -}} {{- if empty .Values.conf.aodh.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "aodh" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.aodh.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "aodh" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.aodh.database "connection" -}}
{{- end -}} {{- end -}}

View File

@ -468,6 +468,7 @@ conf:
keystone_authtoken: keystone_authtoken:
auth_version: v3 auth_version: v3
auth_type: password auth_type: password
memcache_security_strategy: ENCRYPT
service_credentials: service_credentials:
auth_type: password auth_type: password
interface: internal interface: internal

View File

@ -47,6 +47,9 @@ limitations under the License.
{{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}} {{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}}
{{- $_ := tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" -}} {{- $_ := tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" -}}

View File

@ -448,6 +448,8 @@ conf:
keystone_authtoken: keystone_authtoken:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
memcache_security_strategy: ENCRYPT
memcache_secret_key: null
database: database:
max_retries: -1 max_retries: -1
barbican_api: barbican_api:
@ -631,6 +633,13 @@ endpoints:
http: http:
default: 15672 default: 15672
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -28,6 +28,10 @@ limitations under the License.
{{- if empty .Values.conf.ceilometer.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.ceilometer.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ceilometer.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ceilometer.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.ceilometer.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.cache.memcache_servers -}} {{- if empty .Values.conf.ceilometer.cache.memcache_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ceilometer.cache "memcache_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ceilometer.cache "memcache_servers" -}}
{{- end -}} {{- end -}}

View File

@ -1877,6 +1877,13 @@ endpoints:
mongodb: mongodb:
default: 27017 default: 27017
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -47,6 +47,9 @@ limitations under the License.
{{- if empty .Values.conf.cinder.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.cinder.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.cinder.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.cinder.database.connection -}} {{- if empty .Values.conf.cinder.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" -}}

View File

@ -856,6 +856,7 @@ conf:
keystone_authtoken: keystone_authtoken:
auth_version: v3 auth_version: v3
auth_type: password auth_type: password
memcache_security_strategy: ENCRYPT
oslo_policy: oslo_policy:
policy_file: /etc/cinder/policy.yaml policy_file: /etc/cinder/policy.yaml
oslo_concurrency: oslo_concurrency:
@ -1385,6 +1386,13 @@ endpoints:
http: http:
default: 15672 default: 15672
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -28,6 +28,9 @@ limitations under the License.
{{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.congress.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.congress.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.congress.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.auth_url -}} {{- if empty .Values.conf.congress.keystone_authtoken.auth_url -}}
{{- $_ := tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.congress.keystone_authtoken "auth_url" -}} {{- $_ := tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.congress.keystone_authtoken "auth_url" -}}

View File

@ -284,6 +284,13 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -51,6 +51,10 @@
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.designate.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.designate.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.designate.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.designate.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty (index .Values.conf.designate "storage:sqlalchemy").connection -}} {{- if empty (index .Values.conf.designate "storage:sqlalchemy").connection -}}
{{- $_ := tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set (index .Values.conf.designate "storage:sqlalchemy") "connection" -}} {{- $_ := tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set (index .Values.conf.designate "storage:sqlalchemy") "connection" -}}
{{- $_ := tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.designate.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.designate.database "connection" -}}

View File

@ -570,6 +570,7 @@ conf:
keystone_authtoken: keystone_authtoken:
auth_version: v3 auth_version: v3
auth_type: password auth_type: password
memcache_security_strategy: ENCRYPT
logging: logging:
loggers: loggers:
keys: keys:

View File

@ -75,6 +75,12 @@ limitations under the License.
{{- if empty .Values.conf.glance_registry.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.glance_registry.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance_registry.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance_registry.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.glance.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.glance_registry.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.glance.database.connection -}} {{- if empty .Values.conf.glance.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" -}}

View File

@ -253,6 +253,7 @@ conf:
keystone_authtoken: keystone_authtoken:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
memcache_security_strategy: ENCRYPT
glance_store: glance_store:
rbd_store_chunk_size: 8 rbd_store_chunk_size: 8
rbd_store_replication: 3 rbd_store_replication: 3
@ -381,6 +382,7 @@ conf:
keystone_authtoken: keystone_authtoken:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
memcache_security_strategy: ENCRYPT
paste_deploy: paste_deploy:
flavor: keystone flavor: keystone
database: database:
@ -681,6 +683,13 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -70,6 +70,9 @@ limitations under the License.
{{- if empty .Values.conf.heat.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.heat.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.heat.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.heat.database.connection -}} {{- if empty .Values.conf.heat.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "heat" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "heat" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" -}}

View File

@ -439,6 +439,7 @@ conf:
keystone_authtoken: keystone_authtoken:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
memcache_security_strategy: ENCRYPT
database: database:
max_retries: -1 max_retries: -1
trustee: trustee:
@ -950,6 +951,13 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -45,6 +45,9 @@ limitations under the License.
{{- if empty .Values.conf.ironic.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.ironic.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ironic.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ironic.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ironic.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.ironic.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.ironic.database.connection -}} {{- if empty .Values.conf.ironic.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" -}}

View File

@ -457,6 +457,13 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -47,6 +47,9 @@ limitations under the License.
{{- if empty .Values.conf.magnum.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.magnum.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.magnum.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.magnum.database.connection -}} {{- if empty .Values.conf.magnum.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "magnum" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "magnum" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" -}}

View File

@ -129,6 +129,7 @@ conf:
keystone_authtoken: keystone_authtoken:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
memcache_security_strategy: ENCRYPT
api: api:
# NOTE(portdirect): the bind port should not be defined, and is manipulated # NOTE(portdirect): the bind port should not be defined, and is manipulated
# via the endpoints section. # via the endpoints section.
@ -428,6 +429,13 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -47,6 +47,9 @@ limitations under the License.
{{- if empty .Values.conf.mistral.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.mistral.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.mistral.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.mistral.database.connection -}} {{- if empty .Values.conf.mistral.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "mistral" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "mistral" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" -}}

View File

@ -303,6 +303,13 @@ endpoints:
http: http:
default: 15672 default: 15672
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:
@ -461,6 +468,7 @@ conf:
keystone_authtoken: keystone_authtoken:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
memcache_security_strategy: ENCRYPT
logging: logging:
loggers: loggers:
keys: keys:

View File

@ -49,6 +49,9 @@ limitations under the License.
{{- if empty $envAll.Values.conf.neutron.keystone_authtoken.memcached_servers -}} {{- if empty $envAll.Values.conf.neutron.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set $envAll.Values.conf.neutron.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set $envAll.Values.conf.neutron.keystone_authtoken "memcached_servers" -}}
{{- end }} {{- end }}
{{- if empty .Values.conf.neutron.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.neutron.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty $envAll.Values.conf.neutron.database.connection -}} {{- if empty $envAll.Values.conf.neutron.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set $envAll.Values.conf.neutron.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set $envAll.Values.conf.neutron.database "connection" -}}

View File

@ -1847,6 +1847,7 @@ conf:
ironic: ironic:
endpoint_type: internal endpoint_type: internal
keystone_authtoken: keystone_authtoken:
memcache_security_strategy: ENCRYPT
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
octavia: octavia:
@ -2169,6 +2170,13 @@ endpoints:
http: http:
default: 15672 default: 15672
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -48,6 +48,9 @@ limitations under the License.
{{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.nova.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if .Values.conf.nova.service_user.send_service_user_token -}} {{- if .Values.conf.nova.service_user.send_service_user_token -}}
@ -211,6 +214,10 @@ limitations under the License.
{{- $_ := set .Values.conf.nova.ironic "auth_version" .Values.endpoints.identity.auth.ironic.auth_version -}} {{- $_ := set .Values.conf.nova.ironic "auth_version" .Values.endpoints.identity.auth.ironic.auth_version -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.ironic.memcache_secret_key -}}
{{- $_ := (default (randAlphaNum 64) .Values.endpoints.oslo_cache.auth.memcache_secret_key) | set .Values.conf.nova.ironic "memcache_secret_key" -}}
{{- end -}}
{{- if empty .Values.conf.nova.ironic.memcache_servers -}} {{- if empty .Values.conf.nova.ironic.memcache_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.ironic "memcache_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.ironic "memcache_servers" -}}
{{- end -}} {{- end -}}

View File

@ -1727,6 +1727,7 @@ conf:
keystone_authtoken: keystone_authtoken:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
memcache_security_strategy: ENCRYPT
service_user: service_user:
auth_type: password auth_type: password
send_service_user_token: false send_service_user_token: false
@ -1949,6 +1950,13 @@ endpoints:
http: http:
default: 15672 default: 15672
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -49,6 +49,9 @@ limitations under the License.
{{- if empty .Values.conf.octavia.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.octavia.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.octavia.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.octavia.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.octavia.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.octavia.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.octavia.service_auth.auth_url -}} {{- if empty .Values.conf.octavia.service_auth.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.octavia.service_auth "auth_url" -}} {{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.octavia.service_auth "auth_url" -}}
@ -73,6 +76,9 @@ limitations under the License.
{{- if empty .Values.conf.octavia.service_auth.memcached_servers -}} {{- if empty .Values.conf.octavia.service_auth.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.octavia.service_auth "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.octavia.service_auth "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.octavia.service_auth.memcache_secret_key -}}
{{- $_ := set .Values.conf.octavia.service_auth "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.octavia.database.connection -}} {{- if empty .Values.conf.octavia.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "octavia" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.octavia.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "octavia" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.octavia.database "connection" -}}

View File

@ -220,6 +220,7 @@ conf:
keystone_authtoken: keystone_authtoken:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
memcache_security_strategy: ENCRYPT
certificates: certificates:
ca_private_key_passphrase: foobar ca_private_key_passphrase: foobar
ca_private_key: /etc/octavia/certs/private/cakey.pem ca_private_key: /etc/octavia/certs/private/cakey.pem
@ -259,6 +260,7 @@ conf:
auth_type: password auth_type: password
cafile: "" cafile: ""
auth_version: v3 auth_version: v3
memcache_security_strategy: ENCRYPT
logging: logging:
loggers: loggers:
keys: keys:

View File

@ -53,6 +53,10 @@ limitations under the License.
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.panko.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.panko.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.panko.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.panko.database.connection -}} {{- if empty .Values.conf.panko.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "panko" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.panko.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "panko" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.panko.database "connection" -}}
{{- end -}} {{- end -}}

View File

@ -258,6 +258,7 @@ conf:
keystone_authtoken: keystone_authtoken:
auth_version: v3 auth_version: v3
auth_type: password auth_type: password
memcache_security_strategy: ENCRYPT
logging: logging:
loggers: loggers:
keys: keys:

View File

@ -44,6 +44,9 @@ limitations under the License.
{{- if empty .Values.conf.rally.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.rally.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.rally.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.rally.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.rally.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.rally.database.connection -}} {{- if empty .Values.conf.rally.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "rally" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "rally" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" -}}

View File

@ -280,6 +280,9 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
keystone_authtoken:
secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override:

View File

@ -48,6 +48,9 @@ limitations under the License.
{{- if empty .Values.conf.senlin.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.senlin.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.senlin.keystone_authtoken "memcached_servers" -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.senlin.keystone_authtoken "memcached_servers" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.senlin.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.senlin.database.connection -}} {{- if empty .Values.conf.senlin.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "senlin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "senlin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" -}}

View File

@ -175,6 +175,7 @@ conf:
keystone_authtoken: keystone_authtoken:
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
memcache_security_strategy: ENCRYPT
senlin_api: senlin_api:
# NOTE(portdirect): the bind port should not be defined, and is manipulated # NOTE(portdirect): the bind port should not be defined, and is manipulated
# via the endpoints section. # via the endpoints section.
@ -447,6 +448,13 @@ endpoints:
mysql: mysql:
default: 3306 default: 3306
oslo_cache: oslo_cache:
auth:
# NOTE(portdirect): this is used to define the value for keystone
# authtoken cache encryption key, if not set it will be populated
# automatically with a random value, but to take advantage of
# this feature all services should be set to use the same key,
# and memcache service.
memcache_secret_key: null
hosts: hosts:
default: memcached default: memcached
host_fqdn_override: host_fqdn_override: