Do not use keystone_admin_url et al
Following up on [1]. The 3 variables are only introducing noise after we removed the reliance on Keystone's admin port. [1] I5099b08953789b280c915a6b7a22bdd4e3404076 Change-Id: I3f9dab93042799eda9174257e604fd1844684c1c
This commit is contained in:
Radosław Piliszek
parent
15a81a2883
commit
7ca9349b09
@ -525,7 +525,8 @@ vitrage_api_port: "8999"
|
||||
|
||||
public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
|
||||
internal_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
|
||||
admin_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
|
||||
# TODO(yoctozepto): Remove after Zed. Kept for compatibility only.
|
||||
admin_protocol: "{{ internal_protocol }}"
|
||||
|
||||
####################
|
||||
# OpenStack options
|
||||
@ -847,7 +848,8 @@ kibana_log_prefix: "flog"
|
||||
keystone_internal_fqdn: "{{ kolla_internal_fqdn }}"
|
||||
keystone_external_fqdn: "{{ kolla_external_fqdn }}"
|
||||
|
||||
keystone_admin_url: "{{ admin_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
|
||||
# TODO(yoctozepto): Remove after Zed. Kept for compatibility only.
|
||||
keystone_admin_url: "{{ keystone_internal_url }}"
|
||||
keystone_internal_url: "{{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
|
||||
keystone_public_url: "{{ public_protocol }}://{{ keystone_external_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
|
||||
|
||||
@ -875,7 +877,7 @@ keystone_default_user_role: "_member_"
|
||||
# OpenStack authentication string. You should only need to override these if you
|
||||
# are changing the admin tenant/project or user.
|
||||
openstack_auth:
|
||||
auth_url: "{{ keystone_admin_url }}"
|
||||
auth_url: "{{ keystone_internal_url }}"
|
||||
username: "{{ keystone_admin_user }}"
|
||||
password: "{{ keystone_admin_password }}"
|
||||
user_domain_name: "{{ default_user_domain_name }}"
|
||||
|
||||
@ -25,7 +25,7 @@ project_name = service
|
||||
user_domain_name = {{ default_user_domain_name }}
|
||||
username = {{ aodh_keystone_user }}
|
||||
password = {{ aodh_keystone_password }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
cafile = {{ openstack_cacert }}
|
||||
region_name = {{ openstack_region_name }}
|
||||
|
||||
@ -59,7 +59,7 @@ project_name = service
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
username = {{ barbican_keystone_user }}
|
||||
password = {{ barbican_keystone_password }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
cafile = {{ openstack_cacert }}
|
||||
region_name = {{ openstack_region_name }}
|
||||
|
||||
@ -6,7 +6,7 @@ host = {{ api_interface_address }}
|
||||
port = {{ blazar_api_port }}
|
||||
os_auth_host = {{ keystone_internal_fqdn }}
|
||||
os_auth_port = {{ keystone_public_port }}
|
||||
os_auth_protocol = {{ admin_protocol }}
|
||||
os_auth_protocol = {{ internal_protocol }}
|
||||
os_auth_version = v3
|
||||
os_admin_username = {{ blazar_keystone_user }}
|
||||
os_admin_password = {{ blazar_keystone_password }}
|
||||
@ -21,7 +21,7 @@ plugins = virtual.instance.plugin,physical.host.plugin
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}/v3
|
||||
auth_url = {{ keystone_admin_url }}/v3
|
||||
auth_url = {{ keystone_internal_url }}/v3
|
||||
auth_type = password
|
||||
project_domain_id = default
|
||||
user_domain_id = default
|
||||
|
||||
@ -85,7 +85,7 @@ policy_file = {{ cinder_policy_file }}
|
||||
|
||||
[nova]
|
||||
interface = internal
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -103,7 +103,7 @@ max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -18,7 +18,7 @@ max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -8,7 +8,7 @@ export OS_PROJECT_NAME={{ keystone_admin_project }}
|
||||
export OS_TENANT_NAME={{ keystone_admin_project }}
|
||||
export OS_USERNAME={{ keystone_admin_user }}
|
||||
export OS_PASSWORD={{ keystone_admin_password }}
|
||||
export OS_AUTH_URL={{ keystone_admin_url }}/v3
|
||||
export OS_AUTH_URL={{ keystone_internal_url }}/v3
|
||||
export OS_INTERFACE=internal
|
||||
export OS_ENDPOINT_TYPE=internalURL
|
||||
{% if enable_manila | bool %}
|
||||
|
||||
@ -25,14 +25,14 @@ project_name = service
|
||||
user_domain_name = {{ default_user_domain_name }}
|
||||
username = {{ cyborg_keystone_user }}
|
||||
password = {{ cyborg_keystone_password }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
cafile = {{ openstack_cacert }}
|
||||
region_name = {{ openstack_region_name }}
|
||||
|
||||
[placement]
|
||||
auth_type = password
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
username = {{ placement_keystone_user }}
|
||||
password = {{ placement_keystone_password }}
|
||||
user_domain_name = {{ default_user_domain_name }}
|
||||
|
||||
@ -20,7 +20,7 @@ enabled_extensions_admin = quotas, reports
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -25,7 +25,7 @@ os_user_domain_name = {{ openstack_auth.user_domain_name }}
|
||||
{% if service_name == 'freezer-api' %}
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -42,7 +42,7 @@ max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -6,7 +6,7 @@ log_file = /var/log/kolla/glance/glance-cache.log
|
||||
image_cache_max_size = {{ glance_cache_max_size }}
|
||||
image_cache_dir = /var/lib/glance/image-cache
|
||||
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
admin_password = {{ glance_keystone_password }}
|
||||
admin_user = {{ glance_keystone_user }}
|
||||
admin_tenant_name = {{ default_project_domain_id }}
|
||||
|
||||
@ -50,7 +50,7 @@ project_name = service
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
username = {{ gnocchi_keystone_user }}
|
||||
password = {{ gnocchi_keystone_password }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
cafile = {{ openstack_cacert }}
|
||||
region_name = {{ openstack_region_name }}
|
||||
|
||||
@ -44,7 +44,7 @@ max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -67,7 +67,7 @@ memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address
|
||||
|
||||
[trustee]
|
||||
auth_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
username = {{ heat_keystone_user }}
|
||||
|
||||
@ -20,7 +20,7 @@ ssl_ca_file = {{ om_rabbitmq_cacert }}
|
||||
|
||||
[ironic]
|
||||
{% if ironic_enable_keystone_integration | bool %}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -38,7 +38,7 @@ endpoint_override = {{ ironic_internal_endpoint }}
|
||||
{% if ironic_enable_keystone_integration | bool %}
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -48,7 +48,7 @@ max_retries = -1
|
||||
{% if ironic_enable_keystone_integration | bool %}
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -66,7 +66,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
|
||||
|
||||
{% if enable_cinder | bool %}
|
||||
[cinder]
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = default
|
||||
@ -80,7 +80,7 @@ cafile = {{ openstack_cacert }}
|
||||
|
||||
{% if enable_glance | bool %}
|
||||
[glance]
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = default
|
||||
@ -94,7 +94,7 @@ cafile = {{ openstack_cacert }}
|
||||
|
||||
{% if enable_neutron | bool %}
|
||||
[neutron]
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = default
|
||||
@ -109,7 +109,7 @@ cafile = {{ openstack_cacert }}
|
||||
|
||||
{% if enable_nova | bool %}
|
||||
[nova]
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = default
|
||||
@ -123,7 +123,7 @@ cafile = {{ openstack_cacert }}
|
||||
|
||||
{% if enable_swift | bool %}
|
||||
[swift]
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -137,7 +137,7 @@ cafile = {{ openstack_cacert }}
|
||||
|
||||
[inspector]
|
||||
{% if ironic_enable_keystone_integration | bool %}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = default
|
||||
@ -154,7 +154,7 @@ endpoint_override = {{ ironic_inspector_internal_endpoint }}
|
||||
|
||||
[service_catalog]
|
||||
{% if ironic_enable_keystone_integration | bool %}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = default
|
||||
|
||||
@ -186,7 +186,7 @@ keystone_ks_services:
|
||||
type: "identity"
|
||||
description: "Openstack Identity Service"
|
||||
endpoints:
|
||||
- {'interface': 'admin', 'url': '{{ keystone_admin_url }}'}
|
||||
- {'interface': 'admin', 'url': '{{ keystone_internal_url }}'}
|
||||
- {'interface': 'internal', 'url': '{{ keystone_internal_url }}'}
|
||||
- {'interface': 'public', 'url': '{{ keystone_public_url }}'}
|
||||
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
command: >
|
||||
docker exec keystone kolla_keystone_bootstrap
|
||||
{{ openstack_auth.username }} {{ openstack_auth.password }} {{ keystone_admin_project }}
|
||||
admin {{ keystone_admin_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ item }}
|
||||
admin {{ keystone_internal_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ item }}
|
||||
register: keystone_bootstrap
|
||||
changed_when: (keystone_bootstrap.stdout | from_json).changed
|
||||
failed_when: (keystone_bootstrap.stdout | from_json).failed
|
||||
|
||||
@ -11,7 +11,7 @@ default_driver = kuryr.lib.binding.drivers.veth
|
||||
|
||||
[neutron]
|
||||
auth_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
endpoint_type = internal
|
||||
project_domain_name = {{ default_project_domain_name }}
|
||||
|
||||
@ -77,7 +77,7 @@ cafile = {{ openstack_cacert }}
|
||||
[keystone_authtoken]
|
||||
auth_version = v3
|
||||
www_authenticate_uri = {{ keystone_internal_url }}/v3
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_name = {{ default_project_domain_name }}
|
||||
user_domain_name = {{ default_user_domain_name }}
|
||||
|
||||
@ -6,7 +6,7 @@ enabled_share_backends = {{ manila_enabled_backends|map(attribute='name')|join('
|
||||
default_share_type = default_share_type
|
||||
|
||||
[glance]
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -19,7 +19,7 @@ cafile = {{ openstack_cacert }}
|
||||
|
||||
[cinder]
|
||||
auth_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -36,7 +36,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
|
||||
|
||||
[nova]
|
||||
auth_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -54,7 +54,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
|
||||
[neutron]
|
||||
auth_uri = {{ keystone_internal_url }}
|
||||
url = {{ neutron_internal_endpoint }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -32,7 +32,7 @@ max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -4,7 +4,7 @@ log_dir = /var/log/kolla/masakari
|
||||
|
||||
[api]
|
||||
region = {{ openstack_region_name }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
project_name = service
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
|
||||
@ -23,7 +23,7 @@ max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}/v3
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_name = {{ default_project_domain_name }}
|
||||
user_domain_name = {{ default_user_domain_name }}
|
||||
|
||||
@ -40,7 +40,7 @@ max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}/v3
|
||||
auth_url = {{ keystone_admin_url }}/v3
|
||||
auth_url = {{ keystone_internal_url }}/v3
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -4,7 +4,7 @@ Api:
|
||||
region_name: {{ openstack_region_name }}
|
||||
username: {{ monasca_agent_user }}
|
||||
password: {{ monasca_agent_password }}
|
||||
keystone_url: {{ keystone_admin_url }}
|
||||
keystone_url: {{ keystone_internal_url }}
|
||||
user_domain_name: Default
|
||||
project_name: {{ monasca_control_plane_project }}
|
||||
project_domain_id: {{ default_project_domain_id }}
|
||||
|
||||
@ -32,7 +32,7 @@ delegate_authorized_roles = {{ monasca_delegate_authorized_roles|join(', ') }}
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -22,7 +22,7 @@ max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -38,7 +38,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
|
||||
|
||||
[murano_auth]
|
||||
auth_uri = {{ keystone_internal_url }}/v3
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_name = {{ default_project_domain_name }}
|
||||
user_domain_name = {{ default_user_domain_name }}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
[ironic]
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -86,7 +86,7 @@ nsx_extension_drivers = vmware_dvs_dns
|
||||
ipam_driver = {{ neutron_ipam_driver }}
|
||||
|
||||
[nova]
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -114,7 +114,7 @@ max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -161,7 +161,7 @@ drivers = ovs
|
||||
[designate]
|
||||
url = {{ designate_internal_endpoint }}/v2
|
||||
auth_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -185,7 +185,7 @@ connection_string = {{ osprofiler_backend_connection_string }}
|
||||
|
||||
[placement]
|
||||
auth_type = password
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
username = {{ placement_keystone_user }}
|
||||
password = {{ placement_keystone_password }}
|
||||
user_domain_name = {{ default_user_domain_name }}
|
||||
|
||||
@ -107,7 +107,7 @@ num_retries = 3
|
||||
[cinder]
|
||||
catalog_info = volumev3:cinderv3:internalURL
|
||||
os_region_name = {{ openstack_region_name }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_name = {{ default_project_domain_name }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -123,7 +123,7 @@ service_metadata_proxy = true
|
||||
{% if neutron_plugin_agent in ['vmware_nsxv3', 'vmware_nsxp'] %}
|
||||
ovs_bridge = {{ ovs_bridge }}
|
||||
{% endif %}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
cafile = {{ openstack_cacert }}
|
||||
project_domain_name = {{ default_project_domain_name }}
|
||||
@ -203,7 +203,7 @@ debug = {{ nova_logging_debug }}
|
||||
|
||||
[placement]
|
||||
auth_type = password
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
username = {{ placement_keystone_user }}
|
||||
password = {{ placement_keystone_password }}
|
||||
user_domain_name = {{ default_user_domain_name }}
|
||||
|
||||
@ -66,7 +66,7 @@ debug = {{ nova_logging_debug }}
|
||||
[cinder]
|
||||
catalog_info = volumev3:cinderv3:internalURL
|
||||
os_region_name = {{ openstack_region_name }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_name = {{ default_project_domain_name }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -79,7 +79,7 @@ cafile = {{ openstack_cacert }}
|
||||
[neutron]
|
||||
metadata_proxy_shared_secret = {{ metadata_secret }}
|
||||
service_metadata_proxy = true
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_name = {{ default_project_domain_name }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -111,7 +111,7 @@ memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -170,7 +170,7 @@ workers = {{ openstack_service_workers }}
|
||||
|
||||
[placement]
|
||||
auth_type = password
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
username = {{ placement_keystone_user }}
|
||||
password = {{ placement_keystone_password }}
|
||||
user_domain_name = {{ default_user_domain_name }}
|
||||
|
||||
@ -251,7 +251,7 @@ octavia_loadbalancer_topology: "SINGLE"
|
||||
|
||||
# OpenStack auth used when registering resources for Octavia.
|
||||
octavia_user_auth:
|
||||
auth_url: "{{ keystone_admin_url }}"
|
||||
auth_url: "{{ keystone_internal_url }}"
|
||||
username: "octavia"
|
||||
password: "{{ octavia_keystone_password }}"
|
||||
project_name: "{{ octavia_service_auth_project }}"
|
||||
|
||||
@ -5,6 +5,6 @@ export OS_USER_DOMAIN_NAME=Default
|
||||
export OS_PROJECT_NAME={{ octavia_service_auth_project }}
|
||||
export OS_USERNAME={{ octavia_keystone_user }}
|
||||
export OS_PASSWORD={{ octavia_keystone_password }}
|
||||
export OS_AUTH_URL={{ keystone_admin_url }}/v3
|
||||
export OS_AUTH_URL={{ keystone_internal_url }}/v3
|
||||
export OS_INTERFACE=internal
|
||||
export OS_ENDPOINT_TYPE=internalURL
|
||||
|
||||
@ -44,7 +44,7 @@ max_pool_size = {{ database_max_pool_size }}
|
||||
max_retries = -1
|
||||
|
||||
[service_auth]
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
username = {{ octavia_keystone_user }}
|
||||
password = {{ octavia_keystone_password }}
|
||||
@ -59,7 +59,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -36,7 +36,7 @@ memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -11,4 +11,4 @@ clouds:
|
||||
project_domain_name: 'Default'
|
||||
user_domain_name: 'Default'
|
||||
cacert: {{ openstack_cacert }}
|
||||
auth_url: {{ keystone_admin_url }}/v3
|
||||
auth_url: {{ keystone_internal_url }}/v3
|
||||
|
||||
@ -16,7 +16,7 @@ connection_recycle_time = {{ database_connection_recycle_time }}
|
||||
max_pool_size = {{ database_max_pool_size }}
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
user_domain_name = {{ default_project_domain_name }}
|
||||
project_name = service
|
||||
@ -60,5 +60,5 @@ project_name = service
|
||||
user_domain_name = {{ default_user_domain_name }}
|
||||
username = {{ sahara_keystone_user }}
|
||||
password = {{ sahara_keystone_password }}
|
||||
auth_url = {{ keystone_admin_url }}/v3
|
||||
auth_url = {{ keystone_internal_url }}/v3
|
||||
cafile = {{ openstack_cacert }}
|
||||
|
||||
@ -13,7 +13,7 @@ workers = {{ openstack_service_workers }}
|
||||
{% endif %}
|
||||
|
||||
[authentication]
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
service_username = {{ senlin_keystone_user }}
|
||||
service_password = {{ senlin_keystone_password }}
|
||||
service_project_name = service
|
||||
@ -43,7 +43,7 @@ workers = {{ openstack_service_workers }}
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -49,7 +49,7 @@ max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -36,7 +36,7 @@ use = egg:swift#proxy_logging
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||
auth_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -33,7 +33,7 @@ max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_name = {{ default_project_domain_id }}
|
||||
user_domain_name = {{ default_user_domain_id }}
|
||||
@ -51,7 +51,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
|
||||
username = {{ tacker_keystone_user }}
|
||||
password = {{ tacker_keystone_password }}
|
||||
project_name = service
|
||||
url = {{ keystone_admin_url }}
|
||||
url = {{ keystone_internal_url }}
|
||||
|
||||
[ceilometer]
|
||||
host = {{ api_interface_address }}
|
||||
|
||||
@ -56,7 +56,7 @@ project_name = service
|
||||
user_domain_name = {{ default_user_domain_name }}
|
||||
username = {{ trove_keystone_user }}
|
||||
password = {{ trove_keystone_password }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
cafile = {{ openstack_cacert }}
|
||||
region_name = {{ openstack_region_name }}
|
||||
|
||||
@ -23,7 +23,7 @@ cafile = {{ openstack_cacert }}
|
||||
project_name = service
|
||||
password = {{ venus_keystone_password }}
|
||||
username = {{ venus_keystone_user }}
|
||||
auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
auth_type = password
|
||||
|
||||
@ -33,7 +33,7 @@ plugins = jaccard_correlation
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -20,7 +20,7 @@ max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -37,7 +37,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
|
||||
|
||||
[watcher_clients_auth]
|
||||
auth_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -32,7 +32,7 @@ max_retries = -1
|
||||
# - best keep them both in sync
|
||||
[keystone_auth]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
@ -54,7 +54,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
|
||||
# - best keep them both in sync
|
||||
[keystone_authtoken]
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_admin_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
|
||||
@ -1,4 +1,8 @@
|
||||
---
|
||||
deprecations:
|
||||
- |
|
||||
Variables ``keystone_admin_port``, ``keystone_admin_url`` and
|
||||
``admin_protocol`` are deprecated for removal after Zed.
|
||||
upgrade:
|
||||
- |
|
||||
Keystone's admin interface no longer points to a separate port.
|
||||
@ -6,3 +10,7 @@ upgrade:
|
||||
compatibility. Users are advised to run the deploy and post-deploy
|
||||
commands afterwards to ensure port's cleanup.
|
||||
For more information, please refer to the docs.
|
||||
Please note that the relevant variables ``keystone_admin_port``,
|
||||
``keystone_admin_url`` and ``admin_protocol`` are no longer used
|
||||
and are deprecated for removal after Zed. Please cease their usage
|
||||
in your customisations.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user