diff --git a/barbican/templates/configmap-etc.yaml b/barbican/templates/configmap-etc.yaml index 881775fe..860ee8ea 100644 --- a/barbican/templates/configmap-etc.yaml +++ b/barbican/templates/configmap-etc.yaml @@ -25,11 +25,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.barbican.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.barbican.keystone_authtoken.region_name -}} {{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.barbican.region_name | quote | trunc 0 -}} {{- end -}} @@ -52,6 +47,9 @@ limitations under the License. {{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.barbican.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}} {{- tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}} diff --git a/barbican/values.yaml b/barbican/values.yaml index 8d1a5271..5afedb3b 100644 --- a/barbican/values.yaml +++ b/barbican/values.yaml @@ -389,6 +389,7 @@ conf: auth_type: password auth_version: v3 memcache_security_strategy: ENCRYPT + memcache_secret_key: null database: max_retries: -1 barbican_api: @@ -494,6 +495,13 @@ endpoints: http: default: 15672 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/ceilometer/templates/configmap-etc.yaml b/ceilometer/templates/configmap-etc.yaml index 892e44d5..da0d74fe 100644 --- a/ceilometer/templates/configmap-etc.yaml +++ b/ceilometer/templates/configmap-etc.yaml @@ -28,6 +28,9 @@ limitations under the License. {{- if empty .Values.conf.ceilometer.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ceilometer.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.ceilometer.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.ceilometer.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.ceilometer.database.connection -}} {{- tuple "oslo_db" "internal" "ceilometer" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" | quote | trunc 0 -}} diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml index 099ea7a1..e1481997 100644 --- a/ceilometer/values.yaml +++ b/ceilometer/values.yaml @@ -1752,6 +1752,13 @@ endpoints: mongodb: default: 27017 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcache host_fqdn_override: diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml index 63ea5ed1..c889bbba 100644 --- a/cinder/templates/configmap-etc.yaml +++ b/cinder/templates/configmap-etc.yaml @@ -25,11 +25,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.cinder.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.cinder.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.cinder.keystone_authtoken.region_name -}} {{- set .Values.conf.cinder.keystone_authtoken "region_name" .Values.endpoints.identity.auth.cinder.region_name | quote | trunc 0 -}} {{- end -}} @@ -52,6 +47,9 @@ limitations under the License. {{- if empty .Values.conf.cinder.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.cinder.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.cinder.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.cinder.database.connection -}} {{- tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" | quote | trunc 0 -}} diff --git a/cinder/values.yaml b/cinder/values.yaml index 2377c701..65b613bf 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -797,6 +797,13 @@ endpoints: http: default: 15672 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/congress/templates/configmap-etc.yaml b/congress/templates/configmap-etc.yaml index ebd3fe08..af954667 100644 --- a/congress/templates/configmap-etc.yaml +++ b/congress/templates/configmap-etc.yaml @@ -28,6 +28,9 @@ limitations under the License. {{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.congress.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.congress.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.congress.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.congress.keystone_authtoken.auth_url -}} {{- tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.congress.keystone_authtoken "auth_url" | quote | trunc 0 -}} diff --git a/congress/values.yaml b/congress/values.yaml index 5209aafb..c3457d79 100644 --- a/congress/values.yaml +++ b/congress/values.yaml @@ -241,6 +241,13 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml index 79f50d9b..bf90267a 100644 --- a/glance/templates/configmap-etc.yaml +++ b/glance/templates/configmap-etc.yaml @@ -31,14 +31,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance_registry.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.glance.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.glance.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} -{{- if empty .Values.conf.glance_registry.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.glance_registry.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.glance.keystone_authtoken.region_name -}} {{- set .Values.conf.glance.keystone_authtoken "region_name" .Values.endpoints.identity.auth.glance.region_name | quote | trunc 0 -}} {{- end -}} @@ -83,6 +75,12 @@ limitations under the License. {{- if empty .Values.conf.glance_registry.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance_registry.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.glance.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.glance.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} +{{- if empty .Values.conf.glance_registry.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.glance_registry.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.glance.database.connection -}} {{- tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" | quote | trunc 0 -}} diff --git a/glance/values.yaml b/glance/values.yaml index 7393eb7e..ac08ada0 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -493,6 +493,13 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/gnocchi/templates/configmap-etc.yaml b/gnocchi/templates/configmap-etc.yaml index ef42d8c1..72c136ed 100644 --- a/gnocchi/templates/configmap-etc.yaml +++ b/gnocchi/templates/configmap-etc.yaml @@ -27,9 +27,8 @@ limitations under the License. {{- if empty .Values.conf.gnocchi.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.gnocchi.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. {{- if empty .Values.conf.gnocchi.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.gnocchi.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} +{{- set .Values.conf.gnocchi.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.gnocchi.keystone_authtoken.region_name -}} diff --git a/gnocchi/values.yaml b/gnocchi/values.yaml index da75683e..6d6f7293 100644 --- a/gnocchi/values.yaml +++ b/gnocchi/values.yaml @@ -479,6 +479,13 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcache host_fqdn_override: diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml index 13e98a5c..305f35ed 100644 --- a/heat/templates/configmap-etc.yaml +++ b/heat/templates/configmap-etc.yaml @@ -25,10 +25,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.heat.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.heat.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.heat.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} {{- if empty .Values.conf.heat.keystone_authtoken.region_name -}} {{- set .Values.conf.heat.keystone_authtoken "region_name" .Values.endpoints.identity.auth.heat.region_name | quote | trunc 0 -}} {{- end -}} @@ -80,6 +76,9 @@ limitations under the License. {{- if empty .Values.conf.heat.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.heat.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.heat.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.heat.database.connection -}} {{- tuple "oslo_db" "internal" "heat" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" | quote | trunc 0 -}} diff --git a/heat/values.yaml b/heat/values.yaml index 3214b4d4..765f06fb 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -515,6 +515,13 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/ironic/templates/configmap-etc.yaml b/ironic/templates/configmap-etc.yaml index 26629832..276289d9 100644 --- a/ironic/templates/configmap-etc.yaml +++ b/ironic/templates/configmap-etc.yaml @@ -45,6 +45,9 @@ limitations under the License. {{- if empty .Values.conf.ironic.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ironic.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.ironic.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.ironic.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.ironic.database.connection -}} {{- tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" | quote | trunc 0 -}} diff --git a/ironic/values.yaml b/ironic/values.yaml index 66cda3da..e0f35d10 100644 --- a/ironic/values.yaml +++ b/ironic/values.yaml @@ -335,6 +335,13 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/magnum/templates/configmap-etc.yaml b/magnum/templates/configmap-etc.yaml index 9f81f63e..4923766e 100644 --- a/magnum/templates/configmap-etc.yaml +++ b/magnum/templates/configmap-etc.yaml @@ -25,11 +25,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.magnum.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.magnum.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.magnum.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.magnum.keystone_authtoken.region_name -}} {{- set .Values.conf.magnum.keystone_authtoken "region_name" .Values.endpoints.identity.auth.magnum.region_name | quote | trunc 0 -}} {{- end -}} @@ -52,6 +47,9 @@ limitations under the License. {{- if empty .Values.conf.magnum.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.magnum.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.magnum.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.magnum.database.connection -}} {{- tuple "oslo_db" "internal" "magnum" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" | quote | trunc 0 -}} diff --git a/magnum/values.yaml b/magnum/values.yaml index 82c608f9..18c493dd 100644 --- a/magnum/values.yaml +++ b/magnum/values.yaml @@ -273,6 +273,13 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/mistral/templates/configmap-etc.yaml b/mistral/templates/configmap-etc.yaml index 20198c59..542b5c7c 100644 --- a/mistral/templates/configmap-etc.yaml +++ b/mistral/templates/configmap-etc.yaml @@ -25,11 +25,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.mistral.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.mistral.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.mistral.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.mistral.keystone_authtoken.region_name -}} {{- set .Values.conf.mistral.keystone_authtoken "region_name" .Values.endpoints.identity.auth.mistral.region_name | quote | trunc 0 -}} {{- end -}} @@ -52,6 +47,9 @@ limitations under the License. {{- if empty .Values.conf.mistral.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.mistral.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.mistral.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.mistral.database.connection -}} {{- tuple "oslo_db" "internal" "mistral" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" | quote | trunc 0 -}} diff --git a/mistral/values.yaml b/mistral/values.yaml index e956bd5e..03a9736d 100644 --- a/mistral/values.yaml +++ b/mistral/values.yaml @@ -246,6 +246,13 @@ endpoints: http: default: 15672 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml index 9474be96..2f325ebb 100644 --- a/neutron/templates/configmap-etc.yaml +++ b/neutron/templates/configmap-etc.yaml @@ -25,11 +25,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.neutron.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end }} -# Set a random string as secret key. -{{- if empty .Values.conf.neutron.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.neutron.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.neutron.keystone_authtoken.project_name -}} {{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.neutron.project_name | quote | trunc 0 -}} {{- end -}} @@ -52,6 +47,9 @@ limitations under the License. {{- if empty .Values.conf.neutron.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.neutron.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end }} +{{- if empty .Values.conf.neutron.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.neutron.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.neutron.database.connection -}} {{- tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}} diff --git a/neutron/values.yaml b/neutron/values.yaml index 3ffe65bc..fd04fd33 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -1075,49 +1075,56 @@ secrets: endpoints: cluster_domain_suffix: cluster.local oslo_db: - auth: - admin: - username: root - password: password - neutron: - username: neutron - password: password - hosts: - default: mariadb - host_fqdn_override: - default: null - path: /neutron - scheme: mysql+pymysql - port: - mysql: - default: 3306 + auth: + admin: + username: root + password: password + neutron: + username: neutron + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /neutron + scheme: mysql+pymysql + port: + mysql: + default: 3306 oslo_messaging: - auth: - admin: + auth: + admin: username: rabbitmq password: password - neutron: - username: neutron - password: password - hosts: - default: rabbitmq - host_fqdn_override: - default: null - path: / - scheme: rabbit - port: - amqp: - default: 5672 - http: - default: 15672 + neutron: + username: neutron + password: password + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: / + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 oslo_cache: - hosts: - default: memcached - host_fqdn_override: - default: null - port: - memcache: - default: 11211 + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 compute: name: nova hosts: diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml index 195dc573..e7663f06 100644 --- a/nova/templates/configmap-etc.yaml +++ b/nova/templates/configmap-etc.yaml @@ -26,11 +26,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.nova.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.nova.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.nova.keystone_authtoken.region_name -}} {{- set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.nova.region_name | quote | trunc 0 -}} {{- end -}} @@ -53,6 +48,9 @@ limitations under the License. {{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.nova.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.nova.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.nova.database.connection -}} {{- tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" | quote | trunc 0 -}} diff --git a/nova/values.yaml b/nova/values.yaml index b2fd32c0..e2f0d925 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -1138,6 +1138,13 @@ endpoints: http: default: 15672 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/rally/templates/configmap-etc.yaml b/rally/templates/configmap-etc.yaml index 9b235cac..c6fb44e0 100644 --- a/rally/templates/configmap-etc.yaml +++ b/rally/templates/configmap-etc.yaml @@ -44,6 +44,9 @@ limitations under the License. {{- if empty .Values.conf.rally.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.rally.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.rally.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.rally.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.rally.database.connection -}} {{- tuple "oslo_db" "internal" "rally" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" | quote | trunc 0 -}} diff --git a/rally/values.yaml b/rally/values.yaml index 753fc6c5..6319d2a0 100644 --- a/rally/values.yaml +++ b/rally/values.yaml @@ -251,6 +251,9 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + keystone_authtoken: + secret_key: null hosts: default: memcached host_fqdn_override: diff --git a/senlin/templates/configmap-etc.yaml b/senlin/templates/configmap-etc.yaml index 11fa9dcf..50e95232 100644 --- a/senlin/templates/configmap-etc.yaml +++ b/senlin/templates/configmap-etc.yaml @@ -26,11 +26,6 @@ limitations under the License. {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.senlin.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end -}} -# Set a random string as secret key. -{{- if empty .Values.conf.senlin.keystone_authtoken.memcache_secret_key -}} -{{- randAlphaNum 64 | set .Values.conf.senlin.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} -{{- end -}} - {{- if empty .Values.conf.senlin.keystone_authtoken.region_name -}} {{- set .Values.conf.senlin.keystone_authtoken "region_name" .Values.endpoints.identity.auth.senlin.region_name | quote | trunc 0 -}} {{- end -}} @@ -53,6 +48,9 @@ limitations under the License. {{- if empty .Values.conf.senlin.keystone_authtoken.memcached_servers -}} {{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.senlin.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.senlin.keystone_authtoken.memcache_secret_key -}} +{{- set .Values.conf.senlin.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} +{{- end -}} {{- if empty .Values.conf.senlin.database.connection -}} {{- tuple "oslo_db" "internal" "senlin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" | quote | trunc 0 -}} diff --git a/senlin/values.yaml b/senlin/values.yaml index 3660d210..356098ec 100644 --- a/senlin/values.yaml +++ b/senlin/values.yaml @@ -288,6 +288,13 @@ endpoints: mysql: default: 3306 oslo_cache: + auth: + # NOTE(portdirect): this is used to define the value for keystone + # authtoken cache encryption key, if not set it will be populated + # automatically with a random value, but to take advantage of + # this feature all services should be set to use the same key, + # and memcache service. + memcache_secret_key: null hosts: default: memcached host_fqdn_override: