Use actual session for ironic-inspector action population
python-ironic-inspector needs an actual session when creating the client, since it will try to fetch and furtherly validate the given version regardless if a version is explicitly given. This fetching and validation do calls to keystone which require credentials. Thus, I'm using mistral's service credentials to fetch the required info. Change-Id: I908552d2fb8ab4a5a3593f03f92ee6a31b672034
This commit is contained in:
parent
277b08ad9e
commit
81f16827e3
@ -388,7 +388,25 @@ class BaremetalIntrospectionAction(base.OpenStackAction):
|
||||
|
||||
@classmethod
|
||||
def _get_fake_client(cls):
|
||||
return cls._get_client_class()(1)
|
||||
try:
|
||||
# ironic-inspector client tries to get and validate it's own
|
||||
# version when created. This might require checking the keystone
|
||||
# catalog if the ironic-inspector server is not listening on the
|
||||
# localhost IP address. Thus, we get a session for this case.
|
||||
sess = keystone_utils.get_admin_session()
|
||||
|
||||
return cls._get_client_class()(session=sess)
|
||||
except Exception as e:
|
||||
LOG.warning("There was an error trying to create the "
|
||||
"ironic-inspector client using a session: %s" % str(e))
|
||||
# If it's not possible to establish a keystone session, attempt to
|
||||
# create a client without it. This should fall back to where the
|
||||
# ironic-inspector client tries to get it's own version on the
|
||||
# default IP address.
|
||||
LOG.debug("Attempting to create the ironic-inspector client "
|
||||
"without a session.")
|
||||
|
||||
return cls._get_client_class()()
|
||||
|
||||
def _get_client(self):
|
||||
ctx = context.ctx()
|
||||
|
@ -13,6 +13,8 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import keystoneauth1.identity.generic as auth_plugins
|
||||
from keystoneauth1 import session as ks_session
|
||||
from keystoneclient.v3 import client as ks_client
|
||||
from keystoneclient.v3.endpoints import Endpoint
|
||||
from oslo_config import cfg
|
||||
@ -130,3 +132,19 @@ def is_token_trust_scoped(auth_token):
|
||||
token_info = keystone_client.tokens.validate(auth_token)
|
||||
|
||||
return 'OS-TRUST:trust' in token_info
|
||||
|
||||
|
||||
def get_admin_session():
|
||||
"""Returns a keystone session from Mistral's service credentials."""
|
||||
|
||||
auth = auth_plugins.Password(
|
||||
CONF.keystone_authtoken.auth_uri,
|
||||
username=CONF.keystone_authtoken.admin_user,
|
||||
password=CONF.keystone_authtoken.admin_password,
|
||||
project_name=CONF.keystone_authtoken.admin_tenant_name,
|
||||
# NOTE(jaosorior): Once mistral supports keystone v3 properly, we can
|
||||
# fetch the following values from the configuration.
|
||||
user_domain_name='Default',
|
||||
project_domain_name='Default')
|
||||
|
||||
return ks_session.Session(auth=auth)
|
||||
|
@ -12,6 +12,7 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import keystonemiddleware.opts as keystonemw_opts
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
|
||||
@ -25,6 +26,14 @@ CONF = cfg.CONF
|
||||
|
||||
|
||||
def main():
|
||||
# NOTE(jaosorior): This is needed in order for db-sync to also register the
|
||||
# keystonemiddleware options. Those options are used by clients that need a
|
||||
# keystone session in order to be able to register their actions.
|
||||
# This can be removed when mistral moves out of using keystonemiddleware in
|
||||
# favor of keystoneauth1.
|
||||
for group, opts in keystonemw_opts.list_auth_token_opts():
|
||||
CONF.register_opts(opts, group=group)
|
||||
|
||||
config.parse_args()
|
||||
|
||||
if len(CONF.config_file) == 0:
|
||||
|
Loading…
x
Reference in New Issue
Block a user