make keystone authentication variable
Change-Id: I553e0b64b17a863f90fdd72d6a53ac5757757003
diff --git a/README.rst b/README.rst
index 155f957..017b3a9 100644
--- a/README.rst
+++ b/README.rst
@@ -533,8 +533,6 @@
dns: 127.0.0.1
mtu: 9000
-
-
Keystone v3
-------------
@@ -562,6 +560,34 @@
version: '3'
...
+Without Keystone
+----------------
+
+.. code-block:: yaml
+
+ opencontrail:
+ ...
+ common:
+ ...
+ identity:
+ engine: none
+ token: none
+ password: none
+ ...
+ config:
+ ...
+ identity:
+ engine: none
+ password: none
+ token: none
+ ...
+ web:
+ ...
+ identity:
+ engine: none
+ password: none
+ token: none
+ ...
Usage
=====
diff --git a/metadata/service/client/cluster.yml b/metadata/service/client/cluster.yml
index 05e608b..d5dadbb 100644
--- a/metadata/service/client/cluster.yml
+++ b/metadata/service/client/cluster.yml
@@ -3,6 +3,7 @@
parameters:
opencontrail:
client:
+ version: 2.21
identity:
engine: keystone
host: ${_param:cluster_vip_address}
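Review bot: The new default `version: 2.21` does not match either template directory this commit creates, which are `opencontrail/files/2.2/` and `opencontrail/files/3.0/`. client.sls now builds its source as `salt://opencontrail/files/{{ client.version }}/client_vnc_api_lib.ini`, so unless a `2.21` directory exists outside this diff the `file.managed` state will fail to find its source. The value is also an unquoted YAML float, so a version such as `2.20` would render as `2.2`; quoting it, `version: "2.2"`, avoids both problems. single.yml adds the same line.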
diff --git a/metadata/service/client/single.yml b/metadata/service/client/single.yml
index 92290b3..a48d2c9 100644
--- a/metadata/service/client/single.yml
+++ b/metadata/service/client/single.yml
@@ -3,6 +3,7 @@
parameters:
opencontrail:
client:
+ version: 2.21
identity:
engine: keystone
host: ${_param:cluster_local_address}
diff --git a/opencontrail/client.sls b/opencontrail/client.sls
index 386c9ee..af6e339 100644
--- a/opencontrail/client.sls
+++ b/opencontrail/client.sls
@@ -5,11 +5,13 @@
pkg.installed:
- names: {{ client.pkgs }}
+{%- if client.identity.engine == "keystone" %}
/etc/contrail/vnc_api_lib.ini:
file.managed:
- - source: salt://opencontrail/files/client_vnc_api_lib.ini
+ - source: salt://opencontrail/files/{{ client.version }}/client_vnc_api_lib.ini
- template: jinja
- require:
- pkg: opencontrail_client_packages
+{%- endif %}
{%- endif %}
\ No newline at end of file
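Review bot: When `client.identity.engine` is not `keystone`, the state only stops managing `/etc/contrail/vnc_api_lib.ini`, so a copy rendered by an earlier keystone run stays on the minion with `AUTHN_PASSWORD` still in it. Provided no other state manages that path, an `{%- else %}` branch holding `/etc/contrail/vnc_api_lib.ini:` with `file.absent` would make the switch clean. The same applies to `/etc/contrail/service.token` in common.sls and `/etc/contrail/contrail-keystone-auth.conf` in config.sls. The outer `{%- if %}` that the final `{%- endif %}` closes opens outside this hunk.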
diff --git a/opencontrail/common.sls b/opencontrail/common.sls
index 6e82855..e9cf240 100644
--- a/opencontrail/common.sls
+++ b/opencontrail/common.sls
@@ -85,6 +85,7 @@
/etc/contrail:
file.directory
+{%- if common.identity.engine == "keystone" %}
/etc/contrail/service.token:
file.managed:
- contents: "{{ common.identity.token }}"
@@ -111,3 +112,4 @@
- template: jinja
- require:
- file: /etc/contrail
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/config.sls b/opencontrail/config.sls
index f6c1fba..ecf2fc5 100644
--- a/opencontrail/config.sls
+++ b/opencontrail/config.sls
@@ -111,12 +111,14 @@
- require:
- pkg: opencontrail_config_packages
+{%- if config.identity.engine == "keystone" %}
/etc/contrail/contrail-keystone-auth.conf:
file.managed:
- source: salt://opencontrail/files/{{ config.version }}/contrail-keystone-auth.conf
- template: jinja
- require:
- pkg: opencontrail_config_packages
+{%- endif %}
/etc/contrail/contrail-schema.conf:
file.managed:
diff --git a/opencontrail/files/client_vnc_api_lib.ini b/opencontrail/files/2.2/client_vnc_api_lib.ini
similarity index 99%
rename from opencontrail/files/client_vnc_api_lib.ini
rename to opencontrail/files/2.2/client_vnc_api_lib.ini
index ed4727a..40bfbb3 100644
--- a/opencontrail/files/client_vnc_api_lib.ini
+++ b/opencontrail/files/2.2/client_vnc_api_lib.ini
@@ -17,4 +17,4 @@
AUTHN_TENANT = {{ client.identity.tenant }}
AUTHN_USER = {{ client.identity.user }}
AUTHN_PASSWORD = {{ client.identity.password }}
-AUTHN_URL = /v2.0/tokens
\ No newline at end of file
+AUTHN_URL = /v2.0/tokens
diff --git a/opencontrail/files/2.2/config.global.js b/opencontrail/files/2.2/config.global.js
index 67ce1b4..d7ace86 100644
--- a/opencontrail/files/2.2/config.global.js
+++ b/opencontrail/files/2.2/config.global.js
@@ -6,12 +6,17 @@
var config = {};
config.orchestration = {};
+{%- if web.identity.engine == "keystone" %}
config.orchestration.Manager = 'openstack'
{%- if web.identity.version == "3" %}
config.multi_tenancy = {};
config.multi_tenancy.enabled = true;
{%- endif %}
+{%- else %}
+config.orchestration.Manager = 'none'
+{%- endif %}
+
/****************************************************************************
* This boolean flag indicates to communicate with Orchestration
* modules(networkManager, imageManager, computeManager, identityManager,
@@ -77,6 +82,7 @@
* An authority certificate to check the remote host against,
* if you do not want to specify then use ''
*****************************************************************************/
+{%- if web.identity.engine == "keystone" %}
config.networkManager = {};
config.networkManager.ip = '{{ web.master.host }}';
config.networkManager.port = '9696'
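Review bot: The guard opened above `config.networkManager = {};` is closed only in the next hunk, after `config.storageManager.ca`, so with a non-keystone engine none of the manager objects between the two are defined. Anything outside these hunks that still reads them, `config.networkManager.ip` for example, would then fail on an undefined object; that is worth confirming against the web UI's behaviour with `Manager = 'none'`. A short Jinja comment above the guard, such as `{#- OpenStack service endpoints: rendered only when the identity engine is keystone #}`, would make the extent of the conditional block clear. The 3.0 config.global.js adds the same guard.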
@@ -123,6 +129,7 @@
config.storageManager.apiVersion = ['v1'];
config.storageManager.strictSSL = false;
config.storageManager.ca = '';
+{%- endif %}
// VNConfig API server and port.
config.cnfg = {};
diff --git a/opencontrail/files/2.2/contrail-api.conf b/opencontrail/files/2.2/contrail-api.conf
index d5d2180..ff1ba58 100644
--- a/opencontrail/files/2.2/contrail-api.conf
+++ b/opencontrail/files/2.2/contrail-api.conf
@@ -18,7 +18,9 @@
redis_server_ip=$__contrail_redis_ip__
rabbit_server={{ config.message_queue.host }}
rabbit_port={{ config.message_queue.port }}
+{%- if config.identity.engine == "keystone" %}
auth=keystone
+{%- endif %}
#rabbit_port=5673{{ config.message_queue.port }}
[SECURITY]
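Review bot: With the guard around `auth=keystone`, a non-keystone render emits no `auth` setting at all, and neither the template nor the README's "Without Keystone" section says what the API server does in that case; presumably it accepts unauthenticated requests. State that explicitly, for example with an `{%- else %}` branch holding the comment `# no auth backend configured: API requests are not authenticated, restrict access to this port`, and repeat the caveat in the README. The 3.0 contrail-api.conf adds the same guard.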
@@ -27,6 +29,7 @@
certfile=/etc/contrail/ssl/certs/apiserver.pem
ca_certs=/etc/contrail/ssl/certs/ca.pem
+{%- if config.identity.engine == "keystone" %}
[KEYSTONE]
auth_host={{ config.identity.host }}
auth_protocol=http
@@ -40,3 +43,4 @@
project_name={{ config.identity.tenant }}
auth_url=http://{{ config.identity.host }}:{{ config.identity.port }}/v3
{%- endif %}
+{%- endif %}
diff --git a/opencontrail/files/2.2/contrail-schema.conf b/opencontrail/files/2.2/contrail-schema.conf
index 83bed27..9532ed6 100644
--- a/opencontrail/files/2.2/contrail-schema.conf
+++ b/opencontrail/files/2.2/contrail-schema.conf
@@ -23,8 +23,10 @@
certfile=/etc/contrail/ssl/certs/schema_xfer.pem
ca_certs=/etc/contrail/ssl/certs/ca.pem
+{%- if config.identity.engine == "keystone" %}
[KEYSTONE]
admin_user={{ config.identity.user }}
admin_password={{ config.identity.password }}
admin_token={{ config.identity.token }}
admin_tenant_name={{ config.identity.tenant }}
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/2.2/contrail-svc-monitor.conf b/opencontrail/files/2.2/contrail-svc-monitor.conf
index 13fbd5b..48898a9 100644
--- a/opencontrail/files/2.2/contrail-svc-monitor.conf
+++ b/opencontrail/files/2.2/contrail-svc-monitor.conf
@@ -29,6 +29,7 @@
certfile=/etc/contrail/ssl/certs/svc_monitor.pem
ca_certs=/etc/contrail/ssl/certs/ca.pem
+{%- if config.identity.engine == "keystone" %}
[KEYSTONE]
auth_host={{ config.identity.host }}
auth_protocol=http
@@ -38,3 +39,4 @@
admin_password={{ config.identity.password }}
admin_token={{ config.identity.token }}
admin_tenant_name={{ config.identity.tenant }}
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/2.2/contrail-webui-userauth.js b/opencontrail/files/2.2/contrail-webui-userauth.js
index 760a304..97b10fb 100644
--- a/opencontrail/files/2.2/contrail-webui-userauth.js
+++ b/opencontrail/files/2.2/contrail-webui-userauth.js
@@ -6,6 +6,7 @@
/****************************************************************************
* Specify the authentication parameters for admin user
****************************************************************************/
+{%- if web.identity.engine == "keystone" %}
var auth = {};
auth.admin_user = '{{ web.identity.user }}';
auth.admin_password = '{{ web.identity.password }}';
@@ -13,3 +14,10 @@
auth.admin_tenant_name = '{{ web.identity.tenant }}';
auth.admin_domain = 'default';
module.exports = auth;
+{%- else %}
+var auth = {};
+auth.admin_user = 'admin';
+auth.admin_password = 'contrail123';
+auth.admin_token = '';
+module.exports = auth;
+{%- endif %}
\ No newline at end of file
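Review bot: The `{%- else %}` branch hard-codes `auth.admin_user = 'admin'` and `auth.admin_password = 'contrail123'`, so every deployment rendered with a non-keystone engine gets the same web UI admin credential, and that credential is stored in the formula repository instead of pillar. Render both from pillar as the keystone branch does, `auth.admin_user = '{{ web.identity.user }}';` and `auth.admin_password = '{{ web.identity.password }}';`. The README's "Without Keystone" example should then carry a real secret instead of `password: none`. The 3.0 contrail-webui-userauth.js adds the identical branch and needs the same change. The keystone branch that this `{%- else %}` belongs to opens in the previous hunk.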
diff --git a/opencontrail/files/2.2/ctrl-details b/opencontrail/files/2.2/ctrl-details
index b9ded57..7dac73e 100644
--- a/opencontrail/files/2.2/ctrl-details
+++ b/opencontrail/files/2.2/ctrl-details
@@ -14,5 +14,3 @@
NOVA_PASSWORD={{ common.identity.password }}
NEUTRON_PASSWORD={{ common.identity.password }}
SERVICE_TENANT_NAME=service
-
-
diff --git a/opencontrail/files/2.2/vnc_api_lib.ini b/opencontrail/files/2.2/vnc_api_lib.ini
index df0e2a3..d5882f5 100644
--- a/opencontrail/files/2.2/vnc_api_lib.ini
+++ b/opencontrail/files/2.2/vnc_api_lib.ini
@@ -9,8 +9,10 @@
;BASE_URL = /tenants/infra ; common-prefix for all URLs
; Authentication settings (optional)
+{%- if config.identity.engine == "keystone" %}
[auth]
AUTHN_TYPE = keystone
AUTHN_PROTOCOL = http
AUTHN_SERVER= {{ config.identity.host }}
AUTHN_PORT = {{ config.identity.port }}
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/client_vnc_api_lib.ini b/opencontrail/files/3.0/client_vnc_api_lib.ini
similarity index 99%
copy from opencontrail/files/client_vnc_api_lib.ini
copy to opencontrail/files/3.0/client_vnc_api_lib.ini
index ed4727a..40bfbb3 100644
--- a/opencontrail/files/client_vnc_api_lib.ini
+++ b/opencontrail/files/3.0/client_vnc_api_lib.ini
@@ -17,4 +17,4 @@
AUTHN_TENANT = {{ client.identity.tenant }}
AUTHN_USER = {{ client.identity.user }}
AUTHN_PASSWORD = {{ client.identity.password }}
-AUTHN_URL = /v2.0/tokens
\ No newline at end of file
+AUTHN_URL = /v2.0/tokens
diff --git a/opencontrail/files/3.0/config.global.js b/opencontrail/files/3.0/config.global.js
index a01b2bb..ddb59bb 100644
--- a/opencontrail/files/3.0/config.global.js
+++ b/opencontrail/files/3.0/config.global.js
@@ -5,9 +5,13 @@
var config = {};
-config.orchestration = {};
-config.orchestration.Manager = 'openstack'
+config.orchestration = {};
+{%- if web.identity.engine == "keystone" %}
+config.orchestration.Manager = 'openstack'
+{%- else %}
+config.orchestration.Manager = 'none'
+{%- endif %}
/****************************************************************************
* This boolean flag indicates to communicate with Orchestration
* modules(networkManager, imageManager, computeManager, identityManager,
@@ -73,6 +77,7 @@
* An authority certificate to check the remote host against,
* if you do not want to specify then use ''
*****************************************************************************/
+{%- if web.identity.engine == "keystone" %}
config.networkManager = {};
config.networkManager.ip = '{{ web.master.host }}';
config.networkManager.port = '9696'
@@ -119,6 +124,7 @@
config.storageManager.apiVersion = ['v1'];
config.storageManager.strictSSL = false;
config.storageManager.ca = '';
+{%- endif %}
// VNConfig API server and port.
config.cnfg = {};
diff --git a/opencontrail/files/3.0/contrail-api.conf b/opencontrail/files/3.0/contrail-api.conf
index ef1192e..bf7f4e2 100644
--- a/opencontrail/files/3.0/contrail-api.conf
+++ b/opencontrail/files/3.0/contrail-api.conf
@@ -18,7 +18,9 @@
redis_server_ip=$__contrail_redis_ip__
rabbit_server={{ config.message_queue.host }}
rabbit_port={{ config.message_queue.port }}
+{%- if config.identity.engine == "keystone" %}
auth=keystone
+{%- endif %}
#rabbit_port=5673{{ config.message_queue.port }}
[SECURITY]
@@ -27,6 +29,7 @@
certfile=/etc/contrail/ssl/certs/apiserver.pem
ca_certs=/etc/contrail/ssl/certs/ca.pem
+{%- if config.identity.engine == "keystone" %}
[KEYSTONE]
auth_host={{ config.identity.host }}
auth_protocol=http
@@ -36,4 +39,4 @@
admin_token={{ config.identity.token }}
admin_tenant_name={{ config.identity.tenant }}
insecure=True
-
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/3.0/contrail-schema.conf b/opencontrail/files/3.0/contrail-schema.conf
index 83bed27..9532ed6 100644
--- a/opencontrail/files/3.0/contrail-schema.conf
+++ b/opencontrail/files/3.0/contrail-schema.conf
@@ -23,8 +23,10 @@
certfile=/etc/contrail/ssl/certs/schema_xfer.pem
ca_certs=/etc/contrail/ssl/certs/ca.pem
+{%- if config.identity.engine == "keystone" %}
[KEYSTONE]
admin_user={{ config.identity.user }}
admin_password={{ config.identity.password }}
admin_token={{ config.identity.token }}
admin_tenant_name={{ config.identity.tenant }}
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/3.0/contrail-svc-monitor.conf b/opencontrail/files/3.0/contrail-svc-monitor.conf
index 13fbd5b..48898a9 100644
--- a/opencontrail/files/3.0/contrail-svc-monitor.conf
+++ b/opencontrail/files/3.0/contrail-svc-monitor.conf
@@ -29,6 +29,7 @@
certfile=/etc/contrail/ssl/certs/svc_monitor.pem
ca_certs=/etc/contrail/ssl/certs/ca.pem
+{%- if config.identity.engine == "keystone" %}
[KEYSTONE]
auth_host={{ config.identity.host }}
auth_protocol=http
@@ -38,3 +39,4 @@
admin_password={{ config.identity.password }}
admin_token={{ config.identity.token }}
admin_tenant_name={{ config.identity.tenant }}
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/3.0/contrail-webui-userauth.js b/opencontrail/files/3.0/contrail-webui-userauth.js
index e1a19d7..29424ea 100644
--- a/opencontrail/files/3.0/contrail-webui-userauth.js
+++ b/opencontrail/files/3.0/contrail-webui-userauth.js
@@ -6,6 +6,7 @@
/****************************************************************************
* Specify the authentication parameters for admin user
****************************************************************************/
+ {%- if web.identity.engine == "keystone" %}
var auth = {};
auth.admin_user = '{{ web.identity.user }}';
auth.admin_password = '{{ web.identity.password }}';
@@ -13,3 +14,10 @@
auth.admin_tenant_name = '{{ web.identity.tenant }}';
module.exports = auth;
+{%- else %}
+var auth = {};
+auth.admin_user = 'admin';
+auth.admin_password = 'contrail123';
+auth.admin_token = '';
+module.exports = auth;
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/3.0/ctrl-details b/opencontrail/files/3.0/ctrl-details
index b9ded57..7dac73e 100644
--- a/opencontrail/files/3.0/ctrl-details
+++ b/opencontrail/files/3.0/ctrl-details
@@ -14,5 +14,3 @@
NOVA_PASSWORD={{ common.identity.password }}
NEUTRON_PASSWORD={{ common.identity.password }}
SERVICE_TENANT_NAME=service
-
-
diff --git a/opencontrail/files/3.0/vnc_api_lib.ini b/opencontrail/files/3.0/vnc_api_lib.ini
index 9465554..a66e1e4 100644
--- a/opencontrail/files/3.0/vnc_api_lib.ini
+++ b/opencontrail/files/3.0/vnc_api_lib.ini
@@ -9,9 +9,11 @@
;BASE_URL = /tenants/infra ; common-prefix for all URLs
; Authentication settings (optional)
+{%- if config.identity.engine == "keystone" %}
[auth]
AUTHN_TYPE = keystone
AUTHN_PROTOCOL = http
AUTHN_SERVER= {{ config.identity.host }}
AUTHN_PORT = {{ config.identity.port }}
AUTHN_URL = /v2.0/tokens
+{%- endif %}
\ No newline at end of file