From 05c13dfd9eaf76277175ad162d0c85c31fcc3487 Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur
Date: Thu, 26 Aug 2021 11:26:02 +0200
Subject: [PATCH] Keystone: deprecate the separate admin service
It's not needed since Identity v3 and only consumes resources. Deprecate it with the intention to drop it in Yoga.
Change-Id: I477042af86263422ea12f6e9bf710bfff89e36c4
---
 .../roles/bifrost-ironic-install/defaults/main.yml | 2 +-
 playbooks/roles/bifrost-keystone-install/README.md | 6 +++---
 .../roles/bifrost-keystone-install/defaults/main.yml | 2 +-
 .../templates/nginx_conf.d_bifrost-keystone.conf.j2 | 1 +
 .../notes/keystone-admin-9eadd531de3f20ce.yaml | 10 ++++++++++
 5 files changed, 16 insertions(+), 5 deletions(-)
 create mode 100644 releasenotes/notes/keystone-admin-9eadd531de3f20ce.yaml
diff --git a/playbooks/roles/bifrost-ironic-install/defaults/main.yml b/playbooks/roles/bifrost-ironic-install/defaults/main.yml
index abd6a7c66..58d3bf061 100644
--- a/playbooks/roles/bifrost-ironic-install/defaults/main.yml
+++ b/playbooks/roles/bifrost-ironic-install/defaults/main.yml
@@ -350,7 +350,7 @@ keystone:
 username: "{{ admin_username }}"
 password: "{{ admin_password }}"
 project_name: admin
- admin_url: "{{ api_protocol }}://{{ internal_ip }}:35357/v3/"
+ admin_url: "{{ keystone_api_url }}"
 public_url: "{{ keystone_api_url }}"
 internal_url: "{{ api_protocol }}://127.0.0.1:5000/v3/"
 region_name: "RegionOne"
diff --git a/playbooks/roles/bifrost-keystone-install/README.md b/playbooks/roles/bifrost-keystone-install/README.md
index bec702968..8e1f05d7e 100644
--- a/playbooks/roles/bifrost-keystone-install/README.md
+++ b/playbooks/roles/bifrost-keystone-install/README.md
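Review bot: In the `@@ -350,7 +350,7 @@` hunk of bifrost-ironic-install/defaults/main.yml, `admin_url` now carries exactly the same value as `public_url`, and nothing on the line says the key survives only for backward compatibility. The old value was built from `internal_ip`, while `keystone_api_url` is defined outside this patch, so it is worth confirming that it does not resolve to a more exposed address than the one admin traffic used before. A short comment above the key, such as `# Deprecated: same as public_url, Identity v3 has no separate admin API; kept for compatibility`, would make the intent clear. The same applies to the identical change in bifrost-keystone-install/defaults/main.yml. The `keystone:` mapping starts and continues outside the hunk.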
@@ -56,9 +56,9 @@ Below is the full data structure.
 username: admin
 password: ChangeThisPa55w0rd
 project_name: admin
- admin_url: "http://127.0.0.1:35357/v2.0/"
- public_url: "http://127.0.0.1:5000/v2.0/"
- internal_url: "http://127.0.0.1:5000/v2.0/"
+ admin_url: "http://127.0.0.1:5000/v3/"
+ public_url: "http://127.0.0.1:5000/v3/"
+ internal_url: "http://127.0.0.1:5000/v3/"
 region_name: "RegionOne"
 message_queue:
 username: keystone
diff --git a/playbooks/roles/bifrost-keystone-install/defaults/main.yml b/playbooks/roles/bifrost-keystone-install/defaults/main.yml
index bf1270db1..cdce331b6 100644
--- a/playbooks/roles/bifrost-keystone-install/defaults/main.yml
+++ b/playbooks/roles/bifrost-keystone-install/defaults/main.yml
@@ -69,7 +69,7 @@ keystone:
 username: "{{ admin_username }}"
 password: "{{ admin_password }}"
 project_name: admin
- admin_url: "{{ api_protocol }}://{{ internal_ip }}:35357/v3/"
+ admin_url: "{{ keystone_api_url }}"
 public_url: "{{ keystone_api_url }}"
 internal_url: "{{ api_protocol }}://127.0.0.1:5000/v3/"
 region_name: "RegionOne"
diff --git a/playbooks/roles/bifrost-keystone-install/templates/nginx_conf.d_bifrost-keystone.conf.j2 b/playbooks/roles/bifrost-keystone-install/templates/nginx_conf.d_bifrost-keystone.conf.j2
index 808a8dd51..b8f91984b 100644
--- a/playbooks/roles/bifrost-keystone-install/templates/nginx_conf.d_bifrost-keystone.conf.j2
+++ b/playbooks/roles/bifrost-keystone-install/templates/nginx_conf.d_bifrost-keystone.conf.j2
@@ -15,6 +15,7 @@ server {
 uwsgi_param SCRIPT_NAME '';
 }
 }
+{# TODO(dtantsur): remove the separate admin endpoint after Xena #}
 server {
 {% if enable_tls | bool %}
 listen 35357 ssl;
diff --git a/releasenotes/notes/keystone-admin-9eadd531de3f20ce.yaml b/releasenotes/notes/keystone-admin-9eadd531de3f20ce.yaml
new file mode 100644
index 000000000..2b4735163
--- /dev/null
+++ b/releasenotes/notes/keystone-admin-9eadd531de3f20ce.yaml
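Review bot: The `listen 35357` server block under the new TODO in nginx_conf.d_bifrost-keystone.conf.j2 stays enabled by default even though the role defaults changed in this patch no longer point `admin_url` at that port, so the comment should say who the listener is still for. Until it is removed the port remains reachable and needs the same firewall and TLS treatment as port 5000. I would expand the comment to `{# Deprecated: kept only for external clients still using port 35357; the role defaults now use keystone_api_url. TODO(dtantsur): remove after Xena #}`. The server block continues past the end of the hunk.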
@@ -0,0 +1,10 @@
+---
+upgrade:
+ - |
+ The ``admin`` Keystone endpoint will be upgraded from using port 35357
+ (a separate admin API) to use port 5000 (the default Identity API).
+deprecations:
+ - |
+ The separate Keystone admin API (served at port 35357) is deprecated and
+ will be removed in a future release. Please update your applications to
+ refer to port 5000 only for Keystone operations.