template openrc and clouds.yaml

Author: msherman64

site-config/globals.yml

@@ -85,6 +85,7 @@ keystone_identity_mappings:
 keystone_oidc_client_id: "keystone-ciab-dev"
 keystone_oidc_client_secret: "public"
 
+identity_provider_name: "{{ keystone_identity_providers[0].name }}"
 identity_provider_url: "{{ keystone_identity_providers[0].identifier }}"
 keystone_oidc_provider_metadata_url: "{{ identity_provider_url }}/.well-known/openid-configuration"
 keystone_federation_oidc_jwks_uri: "{{ identity_provider_url }}/protocol/openid-connect/certs"

site-config/node_custom_config/horizon/clouds.yaml.template

@@ -0,0 +1,35 @@
+# This is a clouds.yaml file, which can be used by OpenStack tools as a source
+# of configuration on how to connect to Chameleon.
+#
+# If you are only a member of one project, just put this file in
+# ~/.config/openstack/clouds.yaml and tools like the CLI will just work with no
+# further config. (You will need to add your password to the auth section)
+#
+# If you are a member of multiple projects, when invoking the CLI, provide
+# either the env variable OS_CLOUD=<project> or flag --os-cloud=<project> to
+# target your operation to the desired project, where <project> is the name
+# (or nickname, if set) of your project.
+
+clouds:
+{% raw %}
+  {{ cloud_name }}:
+    auth:
+      auth_url: {{ auth_url }}
+      username: {{ user.username }}
+      project_id: {{ tenant_id }}
+      project_name: {{ tenant_name }}
+  {% if user.is_federated %}
+      protocol: openid
+{% endraw %}
+      identity_provider: {{ identity_provider_name }}
+      discovery_endpoint: {{ identity_provider_url }}/.well-known/openid-configuration
+      client_id: {{ keystone_oidc_client_id }}
+{% raw %}
+      access_token_type: access_token
+      client_secret: none
+      project_domain_name: {{ user_domain_name }}
+    auth_type: v3oidcpassword
+  {% else %}
+    auth_type: v3password
+  {% endif %}
+{% endraw %}

site-config/node_custom_config/horizon/openrc.sh.template

@@ -0,0 +1,31 @@
+{% raw -%}
+{% load shellfilter %}#!/usr/bin/env bash
+export OS_AUTH_URL={{ auth_url }}/v3
+export OS_IDENTITY_API_VERSION=3
+export OS_INTERFACE={{ interface }}
+export OS_PROJECT_ID="{{ tenant_id|shellfilter }}"
+export OS_USERNAME="{{ user.username|shellfilter }}"
+{% if user.is_federated %}
+export OS_PROTOCOL="openid"
+export OS_AUTH_TYPE="v3oidcpassword"
+echo "($OS_USERNAME) Please enter your Chameleon CLI password: "
+read -sr OS_PASSWORD_INPUT
+export OS_PASSWORD=$OS_PASSWORD_INPUT
+{% endraw %}
+export OS_IDENTITY_PROVIDER="{{ identity_provider_name }}"
+export OS_DISCOVERY_ENDPOINT="{{ identity_provider_url }}/.well-known/openid-configuration"
+export OS_CLIENT_ID="{{ keystone_oidc_client_id | default(none) }}"
+export OS_ACCESS_TOKEN_TYPE="access_token"
+{% raw -%}
+export OS_CLIENT_SECRET="none"
+{% else %}
+export OS_USER_DOMAIN_NAME="{{ user_domain_name|shellfilter }}"
+if [ -z "$OS_USER_DOMAIN_NAME" ]; then unset OS_USER_DOMAIN_NAME; fi
+export OS_AUTH_TYPE="password"
+echo "($OS_USERNAME) Please enter your Chameleon password: "
+read -sr OS_PASSWORD_INPUT
+export OS_PASSWORD=$OS_PASSWORD_INPUT
+{% endif %}
+export OS_REGION_NAME="{{ region|shellfilter }}"
+if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi
+{% endraw %}