Switch to using authentication by default
Change-Id: I7e3a76de9d37da224298f3821ab8ffc8448966fd
This commit is contained in:
parent
2d7dee5cd4
commit
aa727de74d
@ -18,7 +18,7 @@ This role supports one variable:
|
||||
`noauth_mode`
|
||||
|
||||
Whether bifrost has been installed in no-authentication mode.
|
||||
Defaults to `true`.
|
||||
Defaults to `false`.
|
||||
|
||||
This role sets several facts:
|
||||
|
||||
@ -69,7 +69,7 @@ Example Playbook
|
||||
gather_facts: no
|
||||
roles:
|
||||
- role: bifrost-cloud-config
|
||||
noauth_mode: true
|
||||
noauth_mode: false
|
||||
```
|
||||
|
||||
License
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
noauth_mode: true
|
||||
noauth_mode: false
|
||||
|
||||
network_interface: "virbr0"
|
||||
ans_network_interface: "{{ network_interface | replace('-', '_') }}"
|
||||
|
@ -25,12 +25,12 @@ bifrost-ironic-install role.
|
||||
testing: false
|
||||
|
||||
Enables no-authentication mode where no authentication is used for accessing
|
||||
API services. Setting it to ``false`` will make ironic and ironic-inspector
|
||||
API services. The default setting of ``true`` makes ironic and ironic-inspector
|
||||
either use keystone (if ``enable_keystone`` is true) or HTTP basic auth
|
||||
(use ``admin_username``/``admin_password`` and
|
||||
``default_username``/``default_password`` to configure).
|
||||
|
||||
noauth_mode: true
|
||||
noauth_mode: false
|
||||
|
||||
Node cleaning, which was a feature added to ironic during the Kilo cycle,
|
||||
removes the previous contents of a node once it has been moved from an
|
||||
|
@ -264,7 +264,7 @@ ansible_python_interpreter: "{{ bifrost_venv_dir + '/bin/python3' }}"
|
||||
# for noauth mode. Since we are introducing the concept of
|
||||
# authentication, we need to record the default for
|
||||
# conditional statements in the playbooks.
|
||||
noauth_mode: true
|
||||
noauth_mode: false
|
||||
|
||||
# A work around for installing older releases, remove when no longer supporting
|
||||
# Ussuri.
|
||||
|
@ -25,7 +25,7 @@ bifrost_venv_env:
|
||||
ansible_python_interpreter: "{{ bifrost_venv_dir + '/bin/python3' }}"
|
||||
|
||||
enable_keystone: false
|
||||
noauth_mode: true
|
||||
noauth_mode: false
|
||||
|
||||
# Directory (on the controller) to keep the passwords
|
||||
password_dir: "{{ lookup('env', 'HOME') }}/.config/bifrost"
|
||||
|
@ -17,7 +17,7 @@ clouds:
|
||||
cacert: "{{ tls_certificate_path }}"
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% elif noauth_mode | default(true) | bool %}
|
||||
{% elif noauth_mode | default(false) | bool %}
|
||||
bifrost:
|
||||
auth_type: "none"
|
||||
baremetal_endpoint_override: {{ ironic_api_url }}
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
noauth_mode: true
|
||||
noauth_mode: false
|
||||
wait_for_node_undeploy: false
|
||||
|
||||
# Ensure that Ansible is using python interpreter and dependencies inside the bifrost virtual environment
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
# defaults file for ironic-inspect-node
|
||||
noauth_mode: true
|
||||
noauth_mode: false
|
||||
inspection_wait_timeout: 1800
|
||||
inventory_dhcp: false
|
||||
inventory_dhcp_static_ip: true
|
||||
|
7
releasenotes/notes/no-no-auth-303152d1c29c691d.yaml
Normal file
7
releasenotes/notes/no-no-auth-303152d1c29c691d.yaml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
upgrade:
|
||||
- |
|
||||
Bifrost now uses HTTP basic authentication by default. The generated
|
||||
credentials will be stored in ``~/.config/openstack/clouds.yaml``.
|
||||
Use ``noauth_mode=true`` with ``enable_keystone=false`` to disable
|
||||
authentication.
|
@ -43,7 +43,7 @@ DOWNLOAD_IPA=true
|
||||
CREATE_IPA_IMAGE=false
|
||||
WRITE_INTERFACES_FILE=true
|
||||
PROVISION_WAIT_TIMEOUT=${PROVISION_WAIT_TIMEOUT:-900}
|
||||
NOAUTH_MODE=${NOAUTH_MODE:-true}
|
||||
NOAUTH_MODE=${NOAUTH_MODE:-false}
|
||||
CLOUD_CONFIG=""
|
||||
WAIT_FOR_DEPLOY=true
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user