Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding details for QDR password auth #502

Merged
merged 4 commits into from
Oct 12, 2023
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ include::../modules/proc_configuring-red-hat-openstack-platform-overcloud-for-st
ifdef::include_when_13,include_when_17[]
include::../modules/proc_getting-ca-certificate-from-stf-for-overcloud-configuration.adoc[leveloffset=+2]
endif::include_when_13,include_when_17[]
include::../modules/proc_retrieving-the-qdr-password.adoc[leveloffset=+2]
include::../modules/proc_retrieving-the-qdr-route-address.adoc[leveloffset=+2]
include::../modules/proc_creating-the-base-configuration-for-stf.adoc[leveloffset=+2]
include::../modules/proc_configuring-the-stf-connection-for-the-overcloud.adoc[leveloffset=+2]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ As part of the {OpenStack} ({OpenStackShort}) overcloud deployment using directo
ifdef::include_when_13,include_when_17[]
. xref:getting-ca-certificate-from-stf-for-overcloud-configuration_assembly-completing-the-stf-configuration[]
endif::include_when_13,include_when_17[]
. xref:retrieving-the-qdr-password_assembly-completing-the-stf-configuration[Retrieving the {MessageBus} password]
. xref:retrieving-the-qdr-route-address_assembly-completing-the-stf-configuration[Retrieving the {MessageBus} route address]
. xref:creating-the-base-configuration-for-stf_assembly-completing-the-stf-configuration[Creating the base configuration for {ProjectShort}]
. xref:configuring-the-stf-connection-for-the-overcloud_assembly-completing-the-stf-configuration[Configuring the {ProjectShort} connection for the overcloud]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,8 @@ data:
role: edge
verifyHostname: false
sslProfile: sslProfile
saslUsername: guest@default-interconnect
saslPassword: pass:<password_from_stf>

MetricsQdrSSLProfiles:
- name: sslProfile
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ To configure the {Project} ({ProjectShort}) connection, you must create a file t
ifdef::include_when_13,include_when_17[]
* Retrieve the CA certificate from the {MessageBus} deployed by {ProjectShort}. For more information, see xref:getting-ca-certificate-from-stf-for-overcloud-configuration_assembly-completing-the-stf-configuration[].
endif::include_when_13,include_when_17[]
* Retrieve the {MessageBus} password. For more information, see xref:retrieving-the-qdr-password_assembly-completing-the-stf-configuration[].
* Retrieve the {MessageBus} route address. For more information, see xref:retrieving-the-qdr-route-address_assembly-completing-the-stf-configuration[].

// The following configuration should match the contents in modules/proc_creating-openstack-environment-file-for-multiple-clouds.adoc. If you have changes to make, please make the same changes to both files.
Expand Down Expand Up @@ -41,6 +42,8 @@ parameter_defaults:
role: edge
verifyHostname: false
sslProfile: sslProfile
saslUsername: guest@default-interconnect
saslPassword: pass:<password_from_stf>

MetricsQdrSSLProfiles:
- name: sslProfile
Expand Down Expand Up @@ -68,6 +71,7 @@ endif::[]
* The `qdr::router_id` configuration is to override the default value which uses the fully-qualified domain name (FQDN) of the host. In some cases the FQDN can result in a router ID length of greater than 61 characters which results in failed QDR connections. For deployments with shorter FQDN values this is not necessary.
* The `resource_registry` configuration directly loads the collectd service because you do not include the `collectd-write-qdr.yaml` environment file for multiple cloud deployments.
* Replace the `host` sub-parameter of `MetricsQdrConnectors` with the value that you retrieved in xref:retrieving-the-qdr-route-address_assembly-completing-the-stf-configuration[].
* Replace the `<password_from_stf>` portion of the `saslPassword` sub-parameter of `MetricsQdrConnectors` with the value you retrieved in xref:retrieving-the-qdr-password_assembly-completing-the-stf-configuration[].
ifdef::include_when_13,include_when_17[]
* Replace the `caCertFileContent` parameter with the contents retrieved in xref:getting-ca-certificate-from-stf-for-overcloud-configuration_assembly-completing-the-stf-configuration[].
endif::include_when_13,include_when_17[]
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
[id="retrieving-the-qdr-password_{context}"]
= Retrieving the {MessageBus} password

[role="_abstract"]
When you configure the {OpenStack} ({OpenStackShort}) overcloud for {Project} ({ProjectShort}), you must provide the {MessageBus} password in the {ProjectShort} connection file.

Basic authentication on the {MessageBus} connection can be disabled by setting `transports.qdr.auth` parameter of the ServiceTelemetry spec to `none`. Versions of {ProjectShort} before 1.5.3 did not support this parameter and will always behave as if set to `none`. This behavior is preserved after an upgrade to {ProjectShort} 1.5.3 until a user explicitly changes the parameter to `basic`. New installs of {ProjectShort} 1.5.3 or later use `basic` authentication by default.
csibbitt marked this conversation as resolved.
Show resolved Hide resolved

.Procedure

. Log in to your {OpenShift} environment where {ProjectShort} is hosted.

. Change to the `service-telemetry` project:
+
[source,bash]
----
$ oc project service-telemetry
----

. Retrieve the {MessageBus} password:
+
[source,bash,options="nowrap",subs="verbatim"]
----
$ oc get secret default-interconnect-users -o json | jq -r .data.guest | base64 -d
----