[OC4.0] add opencontrail admin
In order to stop using shared credentials a
separate contrail admin user has to be created.
For contrail services this user will be used.
PROD-23356
Generation of unused files (keystonerc, openstackrc
and ctrl-details) has been removed from common.sls.
Change-Id: I6efe241d27a68b5f277bd43909e11c28ad027ace
diff --git a/metadata/service/client/cluster.yml b/metadata/service/client/cluster.yml
index 3cfd124..337e9d0 100644
--- a/metadata/service/client/cluster.yml
+++ b/metadata/service/client/cluster.yml
@@ -6,6 +6,8 @@
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
openstack_control_address: 127.0.0.1
+ opencontrail_admin_password: 'none'
+ opencontrail_admin_user: 'contrail'
opencontrail:
client:
enabled: True
@@ -16,8 +18,8 @@
port: ${_param:opencontrail_identity_port}
version: ${_param:opencontrail_identity_version}
tenant: admin
- user: admin
- password: ${_param:keystone_admin_password}
+ user: ${_param:opencontrail_admin_user}
+ password: ${_param:opencontrail_admin_password}
api:
engine: contrail
host: ${_param:opencontrail_control_address}
diff --git a/metadata/service/client/single.yml b/metadata/service/client/single.yml
index 19f73eb..8d3a509 100644
--- a/metadata/service/client/single.yml
+++ b/metadata/service/client/single.yml
@@ -5,6 +5,8 @@
opencontrail_version: 3.0
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
+ opencontrail_admin_password: 'none'
+ opencontrail_admin_user: 'contrail'
opencontrail:
client:
enabled: True
@@ -15,8 +17,8 @@
port: ${_param:opencontrail_identity_port}
version: ${_param:opencontrail_identity_version}
tenant: admin
- user: admin
- password: ${_param:keystone_admin_password}
+ user: ${_param:opencontrail_admin_user}
+ password: ${_param:opencontrail_admin_password}
api:
engine: contrail
host: ${_param:cluster_local_address}
diff --git a/metadata/service/control/analytics.yml b/metadata/service/control/analytics.yml
index b51a1fe..77ad856 100644
--- a/metadata/service/control/analytics.yml
+++ b/metadata/service/control/analytics.yml
@@ -7,7 +7,8 @@
opencontrail_version: 2.2
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
- keystone_admin_password: 'none'
+ opencontrail_admin_password: 'none'
+ opencontrail_admin_user: 'contrail'
keystone_service_token: 'none'
redis_password: 'none'
openstack_region: RegionOne
@@ -19,7 +20,7 @@
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
- password: '${_param:keystone_admin_password}'
+ password: '${_param:opencontrail_admin_password}'
network:
engine: neutron
host: ${_param:network_vip_address}
@@ -55,8 +56,8 @@
region: ${_param:openstack_region}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
alarm_gen:
diff --git a/metadata/service/control/cluster.yml b/metadata/service/control/cluster.yml
index d98a19e..399d330 100644
--- a/metadata/service/control/cluster.yml
+++ b/metadata/service/control/cluster.yml
@@ -7,7 +7,8 @@
opencontrail_version: 2.2
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
- keystone_admin_password: 'none'
+ opencontrail_admin_password: 'none'
+ opencontrail_admin_user: 'contrail'
keystone_service_token: 'none'
redis_password: 'none'
openstack_region: RegionOne
@@ -19,7 +20,7 @@
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
- password: '${_param:keystone_admin_password}'
+ password: '${_param:opencontrail_admin_password}'
network:
engine: neutron
host: ${_param:cluster_vip_address}
@@ -58,8 +59,8 @@
region: ${_param:openstack_region}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
members:
@@ -124,8 +125,8 @@
region: RegionOne
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
alarm_gen:
@@ -189,8 +190,8 @@
version: ${_param:opencontrail_identity_version}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
network:
diff --git a/metadata/service/control/container.yml b/metadata/service/control/container.yml
index 609a448..3d17d2d 100644
--- a/metadata/service/control/container.yml
+++ b/metadata/service/control/container.yml
@@ -40,8 +40,8 @@
region: RegionOne
host: ${_param:keystone_service_host}
port: 35357
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
opencontrail-collector:
@@ -99,8 +99,8 @@
version: '2.0'
host: ${_param:keystone_service_host}
port: 35357
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
network:
diff --git a/metadata/service/control/control.yml b/metadata/service/control/control.yml
index d033ccf..58b33fe 100644
--- a/metadata/service/control/control.yml
+++ b/metadata/service/control/control.yml
@@ -7,7 +7,8 @@
opencontrail_version: 2.2
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
- keystone_admin_password: 'none'
+ opencontrail_admin_password: 'none'
+ opencontrail_admin_user: 'contrail'
keystone_service_token: 'none'
openstack_region: RegionOne
redis_password: 'none'
@@ -19,7 +20,7 @@
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
- password: '${_param:keystone_admin_password}'
+ password: '${_param:opencontrail_admin_password}'
network:
engine: neutron
host: ${_param:cluster_vip_address}
@@ -58,8 +59,8 @@
region: ${_param:openstack_region}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
members:
@@ -151,8 +152,8 @@
region: RegionOne
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
network:
diff --git a/metadata/service/control/single.yml b/metadata/service/control/single.yml
index a63f28a..5c922fe 100644
--- a/metadata/service/control/single.yml
+++ b/metadata/service/control/single.yml
@@ -7,7 +7,8 @@
opencontrail_version: 2.2
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
- keystone_admin_password: 'none'
+ opencontrail_admin_password: 'none'
+ opencontrail_admin_user: 'contrail'
keystone_service_token: 'none'
openstack_region: RegionOne
redis_password: 'none'
@@ -19,7 +20,7 @@
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
- password: '${_param:keystone_admin_password}'
+ password: '${_param:opencontrail_admin_password}'
network:
engine: neutron
host: ${_param:single_address}
@@ -58,8 +59,8 @@
region: ${_param:openstack_region}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
members:
@@ -104,8 +105,8 @@
region: RegionOne
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
alarm_gen:
@@ -159,8 +160,8 @@
version: ${_param:opencontrail_identity_version}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
network:
diff --git a/metadata/service/test/single.yml b/metadata/service/test/single.yml
index dcd37d9..a2d101e 100644
--- a/metadata/service/test/single.yml
+++ b/metadata/service/test/single.yml
@@ -3,6 +3,8 @@
parameters:
_param:
opencontrail_identity_port: 35357
+ opencontrail_admin_password: 'none'
+ opencontrail_admin_user: 'contrail'
opencontrail:
test:
enabled: True
@@ -33,9 +35,9 @@
service_token: ${_param:keystone_service_token}
service_tenant: service
admin_tenant: admin
- admin_name: admin
- admin_password: ${_param:keystone_admin_password}
- password: ${_param:keystone_admin_password}
+ admin_name: ${_param:opencontrail_admin_user}
+ admin_password: ${_param:opencontrail_admin_password}
+ password: ${_param:opencontrail_admin_password}
cacert: '/etc/ssl/certs/ca-certificates.crt'
bind:
address: 0.0.0.0