Fix OS_CLOUD for multistack and nova az tasks

The entry in clouds.yaml will correspond to the stack that deploys keystone. Therefore in a multistack deployment RootStackName will not be give the correct entry. Add a parameter to override this. Also clouds.yaml is owned by root and mode 0600 so we much use become: true. Update nova az tasks to use clouds.yaml. Change-Id: I7e97108d8165c16946b3b11f3084bfd51e3128dc
openstack-archive · Feb 4, 2022 · ceed5ac · ceed5ac
1 parent c4aa1e3
commit ceed5ac
Show file tree

Hide file tree

Showing 5 changed files with 68 additions and 15 deletions.
diff --git a/deployment/cinder/cinder-api-container-puppet.yaml b/deployment/cinder/cinder-api-container-puppet.yaml
@@ -102,6 +102,14 @@ parameters:
     description: |
       Use the advanced (eventlet safe) memcached client pool.
     default: true
+  AuthCloudName:
+    description: Entry in clouds.yaml to use for authentication
+    type: string
+    default: ""
+
+conditions:
+  auth_cloud_name_set:
+    not: {equals: [{get_param: AuthCloudName}, ""]}
 
 resources:
   ContainersCommon:
@@ -409,7 +417,11 @@ outputs:
         - name: Clean up legacy Cinder keystone catalog entries
           become: true
           openstack.cloud.catalog_service:
-            cloud: {get_param: RootStackName}
+            cloud:
+              if:
+                - auth_cloud_name_set
+                - {get_param: AuthCloudName}
+                - {get_param: RootStackName}
             name: "{{ item.service_name }}"
             service_type: "{{ item.service_type }}"
             state: absent
@@ -428,7 +440,11 @@ outputs:
           vars:
             default_volume_type: {get_param: CinderDefaultVolumeType}
           environment:
-            OS_CLOUD: {get_param: RootStackName}
+            OS_CLOUD:
+              if:
+                - auth_cloud_name_set
+                - {get_param: AuthCloudName}
+                - {get_param: RootStackName}
           when:
             - step|int == 5
             - not ansible_check_mode|bool

diff --git a/deployment/nova/nova-az-config.yaml b/deployment/nova/nova-az-config.yaml
@@ -40,10 +40,17 @@ parameters:
   RootStackName:
     description: The name of the stack/plan.
     type: string
+  AuthCloudName:
+    description: Entry in clouds.yaml to use for authentication
+    type: string
+    default: ""
+
 
 conditions:
   availability_zone_set:
     not: {equals: [{get_param: NovaComputeAvailabilityZone}, ""]}
+  auth_cloud_name_set:
+    not: {equals: [{get_param: AuthCloudName}, ""]}
 
 outputs:
   role_data:
@@ -63,10 +70,13 @@ outputs:
           when: "step|int == 1"
       external_post_deploy_tasks:
         - name: "Nova: Manage aggregate and availability zone and add hosts to the zone"
+          become: true
           environment:
-            # Force openstackclient to not try and read a clouds.yaml as none
-            # exists for the tripleo-admin user.
-            OS_CLIENT_CONFIG_FILE: /dev/null
+            OS_CLOUD:
+              if:
+                - auth_cloud_name_set
+                - {get_param: AuthCloudName}
+                - {get_param: RootStackName}
           os_nova_host_aggregate:
             name: &availability_zone
               if:
@@ -75,10 +85,3 @@ outputs:
                 - {get_param: RootStackName}
             availability_zone: *availability_zone
             hosts: "{{ groups['nova_compute'] | default([]) | map('extract', hostvars, 'nova_host') | select('defined') | list }}"
-            auth:
-              username: admin
-              password: {get_param: AdminPassword}
-              project_name: admin
-              project_domain_name: Default
-              user_domain_name: Default
-              auth_url: { get_param: [EndpointMap, KeystoneV3Public, uri] }
diff --git a/deployment/nova/nova-compute-container-puppet.yaml b/deployment/nova/nova-compute-container-puppet.yaml
@@ -817,6 +817,11 @@ parameters:
     description: >
       Disk cachemodes for RBD backend.
 
+  AuthCloudName:
+    description: Entry in clouds.yaml to use for authentication
+    type: string
+    default: ""
+
 parameter_groups:
 - label: deprecated
   description: |
@@ -828,6 +833,8 @@ parameter_groups:
   - NovaVcpuPinSet
 
 conditions:
+  auth_cloud_name_set:
+    not: {equals: [{get_param: AuthCloudName}, ""]}
   compute_startup_delay:
     and:
       - not: {equals: [{get_param: NovaComputeStartupDelay}, 0]}
@@ -1663,8 +1670,13 @@ outputs:
             - step|int == 1
             - container_cli == 'podman'
           tags: down
+          become: true
           environment:
-            OS_CLOUD: {get_param: RootStackName}
+            OS_CLOUD:
+              if:
+                - auth_cloud_name_set
+                - {get_param: AuthCloudName}
+                - {get_param: RootStackName}
           block:
             # Some tasks are running from the Undercloud which has
             # the OpenStack clients installed.

diff --git a/deployment/nova/nova-vnc-proxy-container-puppet.yaml b/deployment/nova/nova-vnc-proxy-container-puppet.yaml
@@ -106,8 +106,14 @@ parameters:
   RootStackName:
     description: The name of the stack/plan.
     type: string
+  AuthCloudName:
+    description: Entry in clouds.yaml to use for authentication
+    type: string
+    default: ""
 
 conditions:
+  auth_cloud_name_set:
+    not: {equals: [{get_param: AuthCloudName}, ""]}
   use_tls_for_vnc:
     and:
     - {get_param: EnableInternalTLS}
@@ -400,8 +406,13 @@ outputs:
       post_upgrade_tasks:
         - when:
             - step|int == 3
+          become: true
           environment:
-            OS_CLOUD: {get_param: RootStackName}
+            OS_CLOUD:
+              if:
+                - auth_cloud_name_set
+                - {get_param: AuthCloudName}
+                - {get_param: RootStackName}
           block:
             - name: Get nova-consoleauth service ID
               command: openstack compute service list --service nova-consoleauth --column ID  --column Host --format yaml

diff --git a/deployment/ovn/ovn-controller-container-puppet.yaml b/deployment/ovn/ovn-controller-container-puppet.yaml
@@ -160,8 +160,14 @@ parameters:
            provider: 00:00:5E:00:54:01
     tags:
       - role_specific
+  AuthCloudName:
+    description: Entry in clouds.yaml to use for authentication
+    type: string
+    default: ""
 
 conditions:
+  auth_cloud_name_set:
+    not: {equals: [{get_param: AuthCloudName}, ""]}
   ovn_cpu_set:
     or:
       - not: {equals: [{get_param: OVNContainerCpusetCpus}, '']}
@@ -462,8 +468,13 @@ outputs:
             - step|int == 1
             - container_cli == 'podman'
           tags: down
+          become: true
           environment:
-            OS_CLOUD: {get_param: RootStackName}
+            OS_CLOUD:
+              if:
+                - auth_cloud_name_set
+                - {get_param: AuthCloudName}
+                - {get_param: RootStackName}
           block:
             # Some tasks are running from the Undercloud which has
             # the OpenStack clients installed.