diff --git a/magnumclient/common/utils.py b/magnumclient/common/utils.py
index 99676da76bc8169f30e0ad80e530e5fd2fc1efe5..52219c98991b1ae3ae0087a82c46f3e96354ba5b 100644
--- a/magnumclient/common/utils.py
+++ b/magnumclient/common/utils.py
@@ -160,11 +160,11 @@ def handle_json_from_file(json_arg):
def config_cluster(cluster, cluster_template, cfg_dir, force=False,
- certs=None):
+ certs=None, use_keystone=False):
"""Return and write configuration for the given cluster."""
if cluster_template.coe == 'kubernetes':
return _config_cluster_kubernetes(cluster, cluster_template, cfg_dir,
- force, certs)
+ force, certs, use_keystone)
elif (cluster_template.coe == 'swarm'
or cluster_template.coe == 'swarm-mode'):
return _config_cluster_swarm(cluster, cluster_template, cfg_dir,
@@ -172,7 +172,7 @@ def config_cluster(cluster, cluster_template, cfg_dir, force=False,
def _config_cluster_kubernetes(cluster, cluster_template, cfg_dir,
- force=False, certs=None):
+ force=False, certs=None, use_keystone=False):
"""Return and write configuration for the given kubernetes cluster."""
cfg_file = "%s/config" % cfg_dir
if cluster_template.tls_disabled or certs is None:
@@ -193,30 +193,64 @@ def _config_cluster_kubernetes(cluster, cluster_template, cfg_dir,
"- name: %(name)s'\n"
% {'name': cluster.name, 'api_address': cluster.api_address})
else:
- cfg = ("apiVersion: v1\n"
- "clusters:\n"
- "- cluster:\n"
- " certificate-authority-data: %(ca)s\n"
- " server: %(api_address)s\n"
- " name: %(name)s\n"
- "contexts:\n"
- "- context:\n"
- " cluster: %(name)s\n"
- " user: admin\n"
- " name: default\n"
- "current-context: default\n"
- "kind: Config\n"
- "preferences: {}\n"
- "users:\n"
- "- name: admin\n"
- " user:\n"
- " client-certificate-data: %(cert)s\n"
- " client-key-data: %(key)s\n"
- % {'name': cluster.name,
- 'api_address': cluster.api_address,
- 'key': base64.b64encode(certs['key']),
- 'cert': base64.b64encode(certs['cert']),
- 'ca': base64.b64encode(certs['ca'])})
+ if not use_keystone:
+ cfg = ("apiVersion: v1\n"
+ "clusters:\n"
+ "- cluster:\n"
+ " certificate-authority-data: %(ca)s\n"
+ " server: %(api_address)s\n"
+ " name: %(name)s\n"
+ "contexts:\n"
+ "- context:\n"
+ " cluster: %(name)s\n"
+ " user: admin\n"
+ " name: default\n"
+ "current-context: default\n"
+ "kind: Config\n"
+ "preferences: {}\n"
+ "users:\n"
+ "- name: admin\n"
+ " user:\n"
+ " client-certificate-data: %(cert)s\n"
+ " client-key-data: %(key)s\n"
+ % {'name': cluster.name,
+ 'api_address': cluster.api_address,
+ 'key': base64.b64encode(certs['key']),
+ 'cert': base64.b64encode(certs['cert']),
+ 'ca': base64.b64encode(certs['ca'])})
+ else:
+ cfg = ("apiVersion: v1\n"
+ "clusters:\n"
+ "- cluster:\n"
+ " certificate-authority-data: %(ca)s\n"
+ " server: %(api_address)s\n"
+ " name: %(name)s\n"
+ "contexts:\n"
+ "- context:\n"
+ " cluster: %(name)s\n"
+ " user: openstackuser\n"
+ " name: openstackuser@kubernetes\n"
+ "current-context: openstackuser@kubernetes\n"
+ "kind: Config\n"
+ "preferences: {}\n"
+ "users:\n"
+ "- name: openstackuser\n"
+ " user:\n"
+ " exec:\n"
+ " command: /bin/bash\n"
+ " apiVersion: client.authentication.k8s.io/v1alpha1\n"
+ " args:\n"
+ " - -c\n"
+ " - >\n"
+ " if [ -z ${OS_TOKEN} ]; then\n"
+ " echo 'Error: Missing OpenStack credential from environment variable $OS_TOKEN' > /dev/stderr\n" # noqa
+ " exit 1\n"
+ " else\n"
+ " echo '{ \"apiVersion\": \"client.authentication.k8s.io/v1alpha1\", \"kind\": \"ExecCredential\", \"status\": { \"token\": \"'\"${OS_TOKEN}\"'\"}}'\n" # noqa
+ " fi\n"
+ % {'name': cluster.name,
+ 'api_address': cluster.api_address,
+ 'ca': base64.b64encode(certs['ca'])})
if os.path.exists(cfg_file) and not force:
raise exc.CommandError("File %s exists, aborting." % cfg_file)
diff --git a/magnumclient/osc/v1/clusters.py b/magnumclient/osc/v1/clusters.py
index 8e85b96f2a18e15af05808379423580b2f293aba..5e28d82aba3beafb0aea86671cb41ed7d4784fb4 100644
--- a/magnumclient/osc/v1/clusters.py
+++ b/magnumclient/osc/v1/clusters.py
@@ -299,6 +299,18 @@ class ConfigCluster(command.Command):
dest='output_certs',
default=False,
help=_('Output certificates in separate files.'))
+ parser.add_argument(
+ '--use-certificate',
+ action='store_true',
+ dest='use_certificate',
+ default=True,
+ help=_('Use certificate in config files.'))
+ parser.add_argument(
+ '--use-keystone',
+ action='store_true',
+ dest='use_keystone',
+ default=False,
+ help=_('Use Keystone token in config files.'))
return parser
@@ -309,6 +321,11 @@ class ConfigCluster(command.Command):
the corresponding COE configured to access the cluster.
"""
+ if parsed_args.use_keystone:
+ parsed_args.use_certificate = False
+ if not parsed_args.use_certificate:
+ parsed_args.use_keystone = True
+
self.log.debug("take_action(%s)", parsed_args)
mag_client = self.app.client_manager.container_infra
@@ -340,8 +357,7 @@ class ConfigCluster(command.Command):
with open(fname, "w") as f:
f.write(tls[k])
- print(magnum_utils.config_cluster(cluster,
- cluster_template,
- parsed_args.dir,
- force=parsed_args.force,
- certs=tls))
+ print(magnum_utils.config_cluster(
+ cluster, cluster_template, parsed_args.dir,
+ force=parsed_args.force, certs=tls,
+ use_keystone=parsed_args.use_keystone))