From fc101416c81f74a20d207f3246c6eb0529fadf28 Mon Sep 17 00:00:00 2001 From: Hugo Brito Date: Fri, 24 May 2024 14:46:04 -0300 Subject: [PATCH] Create Keystone service and endpoints at bootstrap This commit creates the Keystone identity service and endpoints during keystone bootstrap configuration. This enables the Barbican service to create OpenStack secrets. Test Plan: PASS: Perform a complete deploy in a DC environment. PASS: Check that OpenStack secrets were created. PASS: Verify Barbican secrets can get on the subcloud with the correct payload. Closes-bug: 2067097 Change-Id: I3e76bb1ccdf0fd24adbbb714083fb6381d9290f9 Signed-off-by: Hugo Brito
---
 .../files/configure_keystone.py | 34 +++++++++++++++----
 1 file changed, 27 insertions(+), 7 deletions(-)
diff --git a/playbookconfig/src/playbooks/roles/bootstrap/apply-manifest/files/configure_keystone.py b/playbookconfig/src/playbooks/roles/bootstrap/apply-manifest/files/configure_keystone.py
index a7597ce0d..4b369ddce 100644
--- a/playbookconfig/src/playbooks/roles/bootstrap/apply-manifest/files/configure_keystone.py
+++ b/playbookconfig/src/playbooks/roles/bootstrap/apply-manifest/files/configure_keystone.py
@@ -6,17 +6,20 @@
 #
 """
-Configure keystone by adding the services project, _member_ role and updating
-the admin user to the correct e-mail address.
+Configure keystone by adding the services project, _member_ role, updating
+the admin user to the correct e-mail address, creating the identity service and
+creating the initial (RegionOne) endpoints for keystone.
 """
 import os
+from subprocess import PIPE
+from subprocess import Popen
 import sys
-from subprocess import Popen, PIPE
 from sysinv.common import openstack_config_endpoints
-from keystoneauth1 import loading, session
+from keystoneauth1 import loading
+from keystoneauth1 import session
 from keystoneclient.v3 import client
@@ -36,10 +39,25 @@ ROLES_TO_CREATE = [
 }
 ]
-USERS_TO_UPDATE = [
+USERS_TO_UPDATE = [{"name": "admin", "email": "admin@localhost"}]
+
+SERVICES_TO_CREATE = [
 {
- "name": "admin",
- "email": "admin@localhost"
+ "name": "keystone",
+ "description": "KeystoneService",
+ "type": "identity",
+ }
+]
+
+ENDPOINTS_TO_CREATE = [
+ {
+ "service": "keystone",
+ "region": "RegionOne",
+ "endpoints": {
+ "admin": "http://127.0.0.1:5000",
+ "internal": "http://127.0.0.1:5000",
+ "public": "http://127.0.0.1:5000",
+ },
 }
 ]
@@ -100,3 +118,5 @@ if __name__ == "__main__":
 openstack_config_endpoints.create_projects(keystone, PROJECTS_TO_CREATE)
 openstack_config_endpoints.create_roles(keystone, ROLES_TO_CREATE)
 openstack_config_endpoints.update_users(keystone, USERS_TO_UPDATE)
+ openstack_config_endpoints.create_services(keystone, SERVICES_TO_CREATE)
+ openstack_config_endpoints.create_endpoints(keystone, ENDPOINTS_TO_CREATE)
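Review bot: The three URLs in `ENDPOINTS_TO_CREATE` are hard-coded to `http://127.0.0.1:5000`, so the catalog's public and internal identity endpoints are registered as plaintext HTTP on loopback, and nothing in this hunk says whether a later step replaces them. The module docstring calls them the initial endpoints, which suggests they are bootstrap placeholders; if so, a comment above the list should say it, for example `# Bootstrap-only loopback endpoints; a later step is expected to replace them with the real URLs (confirm which one).` If they can persist, clients that resolve Keystone from the catalog would be directed to their own loopback address or would send credentials and tokens over unencrypted HTTP. The region is also fixed to `RegionOne`; given the DC and subcloud test plan, it is worth confirming that this is the right region name on every system type that runs this script.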
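Review bot: Nothing visible here shows that `create_services` and `create_endpoints` are safe to run twice, and the two calls added at the end of the `__main__` block run unconditionally. Both helpers live in `sysinv.common.openstack_config_endpoints`, outside this patch, so this is something to confirm rather than a known defect: if they do not look up an existing `identity` service and its endpoints first, a bootstrap replay could register duplicate catalog entries. Once verified, a short comment such as `# create_* helpers skip entries that already exist, so a replay is safe` would record that. The `__main__` block starts outside the hunk.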