Add config necessary to use Barbican with Murano

Murano offers optional Barbican integration for apps using sensitive data [0] This patch adds the necessary config pieces to allow these apps to work out of the box. [0] https://docs.openstack.org/murano/latest/admin/appdev-guide/encrypting_properties.html Change-Id: Ia78f53b12619deb518111a1c02c00d73bf5acdb1
2017-12-05 14:35:08 +00:00 · 2017-12-05 14:35:08 +00:00 · 1bcdf3932d
commit 1bcdf3932d
parent 09ca7d66d5
4 changed files with 21 additions and 2 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -477,6 +477,7 @@ ironic_keystone_user: "ironic"
 neutron_keystone_user: "neutron"
 nova_keystone_user: "nova"
 placement_keystone_user: "placement"
+murano_keystone_user: "murano"

 # Nova fake driver and the number of fake driver per compute node
 enable_nova_fake: "no"
--- a/ansible/roles/horizon/templates/local_settings.j2
+++ b/ansible/roles/horizon/templates/local_settings.j2
@ -830,3 +830,14 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
 # before loading any data into the admin views, set the following attribute to
 # True
 #ADMIN_FILTER_DATA_FIRST=False
+
+{% if enable_murano | bool and enable_barbican | bool %}
+KEY_MANAGER = {
+        'auth_url': '{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3',
+        'username': '{{ murano_keystone_user }}',
+        'user_domain_name': '{{ default_project_domain_name }}',
+        'password': '{{ murano_keystone_password }}',
+        'project_name': 'service',
+        'project_domain_name': '{{ default_project_domain_name }}'
+}
+{% endif %}
--- a/ansible/roles/murano/defaults/main.yml
+++ b/ansible/roles/murano/defaults/main.yml
@ -33,8 +33,6 @@ murano_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ mu

 murano_logging_debug: "{{ openstack_logging_debug }}"

-murano_keystone_user: "murano"
-
 openstack_murano_auth: "{{ openstack_auth }}"


--- a/ansible/roles/murano/templates/murano.conf.j2
+++ b/ansible/roles/murano/templates/murano.conf.j2
@ -48,4 +48,13 @@ port = {{ outward_rabbitmq_port }}
 login = {{ murano_agent_rabbitmq_user }}
 password = {{ murano_agent_rabbitmq_password }}
 virtual_host = {{ murano_agent_rabbitmq_vhost }}
+
+{% if enable_barbican | bool %}
+[key_manager]
+auth_type = keystone_password
+auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3
+username = {{ murano_keystone_user }}
+password = {{ murano_keystone_password }}
+user_domain_name = {{ default_project_domain_name }}
+{% endif %}
 {% endif %}