[OC4.0] add opencontrail admin
In order to stop using shared credentials a
separate contrail admin user has to be created.
For contrail services this user will be used.
PROD-23356
Generation of unused files (keystonerc, openstackrc
and ctrl-details) has been removed from common.sls.
Change-Id: I6efe241d27a68b5f277bd43909e11c28ad027ace
diff --git a/metadata/service/control/analytics.yml b/metadata/service/control/analytics.yml
index b51a1fe..77ad856 100644
--- a/metadata/service/control/analytics.yml
+++ b/metadata/service/control/analytics.yml
@@ -7,7 +7,8 @@
opencontrail_version: 2.2
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
- keystone_admin_password: 'none'
+ opencontrail_admin_password: 'none'
+ opencontrail_admin_user: 'contrail'
keystone_service_token: 'none'
redis_password: 'none'
openstack_region: RegionOne
@@ -19,7 +20,7 @@
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
- password: '${_param:keystone_admin_password}'
+ password: '${_param:opencontrail_admin_password}'
network:
engine: neutron
host: ${_param:network_vip_address}
@@ -55,8 +56,8 @@
region: ${_param:openstack_region}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
alarm_gen:
diff --git a/metadata/service/control/cluster.yml b/metadata/service/control/cluster.yml
index d98a19e..399d330 100644
--- a/metadata/service/control/cluster.yml
+++ b/metadata/service/control/cluster.yml
@@ -7,7 +7,8 @@
opencontrail_version: 2.2
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
- keystone_admin_password: 'none'
+ opencontrail_admin_password: 'none'
+ opencontrail_admin_user: 'contrail'
keystone_service_token: 'none'
redis_password: 'none'
openstack_region: RegionOne
@@ -19,7 +20,7 @@
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
- password: '${_param:keystone_admin_password}'
+ password: '${_param:opencontrail_admin_password}'
network:
engine: neutron
host: ${_param:cluster_vip_address}
@@ -58,8 +59,8 @@
region: ${_param:openstack_region}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
members:
@@ -124,8 +125,8 @@
region: RegionOne
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
alarm_gen:
@@ -189,8 +190,8 @@
version: ${_param:opencontrail_identity_version}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
network:
diff --git a/metadata/service/control/container.yml b/metadata/service/control/container.yml
index 609a448..3d17d2d 100644
--- a/metadata/service/control/container.yml
+++ b/metadata/service/control/container.yml
@@ -40,8 +40,8 @@
region: RegionOne
host: ${_param:keystone_service_host}
port: 35357
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
opencontrail-collector:
@@ -99,8 +99,8 @@
version: '2.0'
host: ${_param:keystone_service_host}
port: 35357
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
network:
diff --git a/metadata/service/control/control.yml b/metadata/service/control/control.yml
index d033ccf..58b33fe 100644
--- a/metadata/service/control/control.yml
+++ b/metadata/service/control/control.yml
@@ -7,7 +7,8 @@
opencontrail_version: 2.2
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
- keystone_admin_password: 'none'
+ opencontrail_admin_password: 'none'
+ opencontrail_admin_user: 'contrail'
keystone_service_token: 'none'
openstack_region: RegionOne
redis_password: 'none'
@@ -19,7 +20,7 @@
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
- password: '${_param:keystone_admin_password}'
+ password: '${_param:opencontrail_admin_password}'
network:
engine: neutron
host: ${_param:cluster_vip_address}
@@ -58,8 +59,8 @@
region: ${_param:openstack_region}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
members:
@@ -151,8 +152,8 @@
region: RegionOne
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
network:
diff --git a/metadata/service/control/single.yml b/metadata/service/control/single.yml
index a63f28a..5c922fe 100644
--- a/metadata/service/control/single.yml
+++ b/metadata/service/control/single.yml
@@ -7,7 +7,8 @@
opencontrail_version: 2.2
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
- keystone_admin_password: 'none'
+ opencontrail_admin_password: 'none'
+ opencontrail_admin_user: 'contrail'
keystone_service_token: 'none'
openstack_region: RegionOne
redis_password: 'none'
@@ -19,7 +20,7 @@
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
- password: '${_param:keystone_admin_password}'
+ password: '${_param:opencontrail_admin_password}'
network:
engine: neutron
host: ${_param:single_address}
@@ -58,8 +59,8 @@
region: ${_param:openstack_region}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
members:
@@ -104,8 +105,8 @@
region: RegionOne
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
alarm_gen:
@@ -159,8 +160,8 @@
version: ${_param:opencontrail_identity_version}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
- user: admin
- password: '${_param:keystone_admin_password}'
+ user: ${_param:opencontrail_admin_user}
+ password: '${_param:opencontrail_admin_password}'
token: '${_param:keystone_service_token}'
tenant: admin
network: