b2e10bfc5f
This change adds LDAP-related actions in the application lifecycle to
automatically configure resources required for multi-user access to the
OpenStack clients container.
Two hooks are leveraged by this change:
1) Pre apply:
- Verify if LDAP group `openstack` exists:
* If it doesn't, then create it.
- Create volume mount directory (/var/opt/openstack) and assign it
to the group `openstack` (with the right modes/permissions).
3) Post remove:
- Check if the volume mount directory contains one or more user
files created in subdirectories:
* If it does, then keep the directory;
* If it doesn't, then:
- Delete the volume mount directory;
- Delete all members from group `openstack`.
- Delete group `openstack`.
In addition to leveraging lifecycle hooks, this change also updates the
setup scripts -- to include more information about their purpose and to
standardize them as a whole -- and, in special, adds a new script,
called `local_openstackrc`, to configure the access to the OpenStack
clients container.
This script behaves similarly to the `local_starlingxrc` script [2], the
only difference being the extra step of setting up aliases in the
resulting openrc file.
[1] https://review.opendev.org/c/starlingx/openstack-armada-app/+/887369
[2] https://review.opendev.org/c/starlingx/utilities/+/887117
Test Plan:
PASS - Build python3-k8sapp-openstack package
PASS - Build stx-openstack-helm-fluxcd package
PASS - Build stx-openstack helm charts
PASS - Upload/apply stx-openstack
PASS - Verify that the group `openstack` exists
PASS - Verify that the volume mount directory belongs to it
PASS - Verify that the volume mount directory contains all setup scripts
With a local user, e.g., `sysadmin`:
PASS - Source admin-openrc
PASS - Verify that the OpenStack commands are functional
With an LDAP user, e.g., `admin`:
PASS - Make sure it's a member of group `openstack`
If not, login to `sysadmin` and run:
$ sudo ldapaddusertogroup admin openstack
PASS - Source local_openstackrc
PASS - Verify that the OpenStack commands are functional
PASS - Remove/delete stx-openstack
PASS - Verify that the volume mount directory was deleted
PASS - Verify that the group `openstack` was deleted
Story: 2010774
Task: 48351
Change-Id: I0d7c3c951984c2380928850a6a041b1920cd633d
Signed-off-by: Luan Nunes Utimura <LuanNunes.Utimura@windriver.com>
k8sapp-openstack
This project contains StarlingX Kubernetes application specific python plugins for the openstack application. These plugins are required to integrate the openstack application into the StarlingX application framework and to support the various StarlingX deployments.