commit 1c3ba7706559eb99357773356230240adb3aa1ea
Author: Shuicheng Lin <email address hidden>
Date: Wed Dec 11 16:37:03 2019 +0800
Audit local registry secret info when there is user update in keystone
local registry uses admin's username&password for authentication.
And admin's password could be changed by openstack client cmd. It will
cause auth info in secrets obsolete, and lead to invalid authentication
in keystone.
To keep secrets info updated, keystone event notification is enabled.
And event notification listener is added in sysinv. So when there is
user password change, a user update event will be sent out by keystone.
And sysinv will call function audit_local_registry_secrets to check
whether kubernetes secret info need be updated or not.
A periodic task is added also to ensure secrets are always synced, in
case notification is missed or there is failure in handle notification.
oslo_messaging is added to tox's requirements.txt to avoid tox failure.
The version is based on global-requirements.txt from Openstack Train.
Test:
Pass deployment and secrets could be updated automatically with new auth
info.
Pass host-swact in duplex mode.
Closes-Bug: 1853017
Depends-On: https://review.opendev.org/707154
Depends-On: https://review.opendev.org/707155
Change-Id: I959b65288e0834b989aa87e40506e41d0bba0d59
Signed-off-by: Shuicheng Lin <email address hidden>
(cherry picked from commit 8ab1e2d7c624f83d72efcbfcddcdffa567a26bad)
Reviewed: https:/ /review. opendev. org/707156 /git.openstack. org/cgit/ starlingx/ config/ commit/ ?id=1c3ba770655 9eb993577733562 30240adb3aa1ea
Committed: https:/
Submitter: Zuul
Branch: r/stx.3.0
commit 1c3ba7706559eb9 935777335623024 0adb3aa1ea
Author: Shuicheng Lin <email address hidden>
Date: Wed Dec 11 16:37:03 2019 +0800
Audit local registry secret info when there is user update in keystone
local registry uses admin's username&password for authentication. registry_ secrets to check
And admin's password could be changed by openstack client cmd. It will
cause auth info in secrets obsolete, and lead to invalid authentication
in keystone.
To keep secrets info updated, keystone event notification is enabled.
And event notification listener is added in sysinv. So when there is
user password change, a user update event will be sent out by keystone.
And sysinv will call function audit_local_
whether kubernetes secret info need be updated or not.
A periodic task is added also to ensure secrets are always synced, in
case notification is missed or there is failure in handle notification.
oslo_messaging is added to tox's requirements.txt to avoid tox failure. requirements. txt from Openstack Train.
The version is based on global-
Test:
Pass deployment and secrets could be updated automatically with new auth
info.
Pass host-swact in duplex mode.
Closes-Bug: 1853017 /review. opendev. org/707154 /review. opendev. org/707155 b989aa87e40506e 41d0bba0d59 d72efcbfcddcdff a567a26bad)
Depends-On: https:/
Depends-On: https:/
Change-Id: I959b65288e0834
Signed-off-by: Shuicheng Lin <email address hidden>
(cherry picked from commit 8ab1e2d7c624f83