From ee50d50ebe3134ed3185d28b5f729fb895d36181 Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur Date: Tue, 18 Jun 2019 07:56:32 +0200 Subject: [PATCH] Remove deprecated authentication parameters This removes inspector_auth and ironic_auth_strategy which are redundant with enable_keystone and rely on deprecated ironic-inspector options. Change-Id: Ib76978f0406fac2c2c7b8396e1a03a87db9eeba5 --- playbooks/roles/bifrost-ironic-install/README.md | 9 --------- playbooks/roles/bifrost-ironic-install/defaults/main.yml | 7 ------- .../templates/ironic-inspector.conf.j2 | 5 ++--- releasenotes/notes/auth-59e73f74a2dd507f.yaml | 5 +++++ 4 files changed, 7 insertions(+), 19 deletions(-) create mode 100644 releasenotes/notes/auth-59e73f74a2dd507f.yaml diff --git a/playbooks/roles/bifrost-ironic-install/README.md b/playbooks/roles/bifrost-ironic-install/README.md index 9075a9086..a907f2fb7 100644 --- a/playbooks/roles/bifrost-ironic-install/README.md +++ b/playbooks/roles/bifrost-ironic-install/README.md @@ -169,11 +169,6 @@ properties via a workflow. enable_inspector: Boolean value, default true. Set this value to false to prevent installing ironic-inspector. -inspector_auth: Sets ironic-inspector's authentication method. Possible values - are `keystone` and `noauth`. `noauth` is recommended since - bifrost by default installs ironic as standalone without - keystone. The default value is `noauth`. - inspector_debug: Boolean value, default true. Enables debug level logging for inspector. Note that this default may change in future. @@ -184,10 +179,6 @@ inspector_manage_firewall: Boolean value, default false. Controls whether adds the rule to permit the callback traffic, so you shouldn't need to enable this. -ironic_auth_strategy: Sets the `auth_strategy` ironic-inspector should use - with ironic. Possible values are `noauth` and - `keystone`. The default value is `noauth`. - inspector_data_dir: Base path for ironic-inspector's temporary data and log files. The default location is `/opt/stack/ironic-inspector/var`. diff --git a/playbooks/roles/bifrost-ironic-install/defaults/main.yml b/playbooks/roles/bifrost-ironic-install/defaults/main.yml index fd4426c1d..aeaf5f77d 100644 --- a/playbooks/roles/bifrost-ironic-install/defaults/main.yml +++ b/playbooks/roles/bifrost-ironic-install/defaults/main.yml @@ -158,16 +158,9 @@ inventory_dns: False # Settings to enable the use of inspector enable_inspector: true -inspector_auth: "noauth" -# Deprecated: inspector_auth will be removed in Pike, and is -# overridden when enable_keystone is set to true. -#inspector_auth: "noauth" inspector_debug: true inspector_manage_firewall: false -# Deprecated: ironic_auth_strategy will be removed in Pike. -ironic_auth_strategy: "noauth" - # Set ironic_log_dir to use a non-default log directory for ironic. ironic_log_dir: /var/log/ironic diff --git a/playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2 b/playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2 index 5676ec251..891551cd8 100644 --- a/playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2 +++ b/playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2 @@ -4,7 +4,7 @@ {% if enable_keystone is defined and enable_keystone | bool == true %} auth_strategy = keystone {% else %} -auth_strategy = {{ inspector_auth | default('noauth') }} +auth_strategy = noauth {% endif %} debug = {{ inspector_debug | bool }} @@ -36,12 +36,11 @@ username = {{ ironic_inspector.keystone.default_username }} password = {{ ironic_inspector.keystone.default_password }} auth_url = {{ ironic_inspector.service_catalog.auth_url }} auth_type = password -auth_strategy = keystone user_domain_id = default project_domain_id = default {% else %} -auth_strategy = {{ ironic_auth_strategy | default('noauth') }} +auth_type = none {% endif %} {% if enable_keystone is defined and enable_keystone | bool == true %} diff --git a/releasenotes/notes/auth-59e73f74a2dd507f.yaml b/releasenotes/notes/auth-59e73f74a2dd507f.yaml new file mode 100644 index 000000000..50b4319da --- /dev/null +++ b/releasenotes/notes/auth-59e73f74a2dd507f.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + The deprecated parameters ``inspector_auth`` and ``ironic_auth_strategy`` + have been removed. Their values are now detected from ``enable_keystone``.