From 7ca9349b09a06b5e0ad218d82fe2e37d86fc1630 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= Date: Sat, 28 May 2022 18:19:01 +0200 Subject: [PATCH] Do not use keystone_admin_url et al Following up on [1]. The 3 variables are only introducing noise after we removed the reliance on Keystone's admin port. [1] I5099b08953789b280c915a6b7a22bdd4e3404076 Change-Id: I3f9dab93042799eda9174257e604fd1844684c1c --- ansible/group_vars/all.yml | 8 +++++--- ansible/roles/aodh/templates/aodh.conf.j2 | 2 +- .../roles/barbican/templates/barbican.conf.j2 | 2 +- ansible/roles/blazar/templates/blazar.conf.j2 | 4 ++-- ansible/roles/cinder/templates/cinder.conf.j2 | 4 ++-- .../cloudkitty/templates/cloudkitty.conf.j2 | 2 +- .../roles/common/templates/admin-openrc.sh.j2 | 2 +- ansible/roles/cyborg/templates/cyborg.conf.j2 | 4 ++-- .../roles/designate/templates/designate.conf.j2 | 2 +- ansible/roles/freezer/templates/freezer.conf.j2 | 2 +- .../roles/glance/templates/glance-api.conf.j2 | 2 +- .../roles/glance/templates/glance-cache.conf.j2 | 2 +- ansible/roles/gnocchi/templates/gnocchi.conf.j2 | 2 +- ansible/roles/heat/templates/heat.conf.j2 | 4 ++-- .../ironic/templates/ironic-inspector.conf.j2 | 4 ++-- ansible/roles/ironic/templates/ironic.conf.j2 | 16 ++++++++-------- ansible/roles/keystone/defaults/main.yml | 2 +- ansible/roles/keystone/tasks/register.yml | 2 +- ansible/roles/kuryr/templates/kuryr.conf.j2 | 2 +- ansible/roles/magnum/templates/magnum.conf.j2 | 2 +- .../roles/manila/templates/manila-share.conf.j2 | 8 ++++---- ansible/roles/manila/templates/manila.conf.j2 | 2 +- .../masakari/templates/masakari-monitors.conf.j2 | 2 +- .../roles/masakari/templates/masakari.conf.j2 | 2 +- ansible/roles/mistral/templates/mistral.conf.j2 | 2 +- .../agent-forwarder.yml.j2 | 2 +- .../monasca/templates/monasca-api/api.conf.j2 | 2 +- ansible/roles/murano/templates/murano.conf.j2 | 4 ++-- .../templates/ironic_neutron_agent.ini.j2 | 2 +- ansible/roles/neutron/templates/neutron.conf.j2 | 8 ++++---- ansible/roles/nova-cell/templates/nova.conf.j2 | 6 +++--- ansible/roles/nova/templates/nova.conf.j2 | 8 ++++---- ansible/roles/octavia/defaults/main.yml | 2 +- .../roles/octavia/templates/octavia-openrc.sh.j2 | 2 +- ansible/roles/octavia/templates/octavia.conf.j2 | 4 ++-- .../roles/placement/templates/placement.conf.j2 | 2 +- ansible/roles/prometheus/templates/clouds.yml.j2 | 2 +- ansible/roles/sahara/templates/sahara.conf.j2 | 4 ++-- ansible/roles/senlin/templates/senlin.conf.j2 | 4 ++-- ansible/roles/solum/templates/solum.conf.j2 | 2 +- .../roles/swift/templates/proxy-server.conf.j2 | 2 +- ansible/roles/tacker/templates/tacker.conf.j2 | 4 ++-- ansible/roles/trove/templates/trove.conf.j2 | 2 +- ansible/roles/venus/templates/venus.conf.j2 | 2 +- ansible/roles/vitrage/templates/vitrage.conf.j2 | 2 +- ansible/roles/watcher/templates/watcher.conf.j2 | 4 ++-- ansible/roles/zun/templates/zun.conf.j2 | 4 ++-- ...eystone-admin-port-gone-1a28302df63aa70b.yaml | 8 ++++++++ 48 files changed, 89 insertions(+), 79 deletions(-) diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index ade3e1be4f..2ee5a0451f 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -525,7 +525,8 @@ vitrage_api_port: "8999" public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}" internal_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}" -admin_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}" +# TODO(yoctozepto): Remove after Zed. Kept for compatibility only. +admin_protocol: "{{ internal_protocol }}" #################### # OpenStack options @@ -847,7 +848,8 @@ kibana_log_prefix: "flog" keystone_internal_fqdn: "{{ kolla_internal_fqdn }}" keystone_external_fqdn: "{{ kolla_external_fqdn }}" -keystone_admin_url: "{{ admin_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}" +# TODO(yoctozepto): Remove after Zed. Kept for compatibility only. +keystone_admin_url: "{{ keystone_internal_url }}" keystone_internal_url: "{{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}" keystone_public_url: "{{ public_protocol }}://{{ keystone_external_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}" @@ -875,7 +877,7 @@ keystone_default_user_role: "_member_" # OpenStack authentication string. You should only need to override these if you # are changing the admin tenant/project or user. openstack_auth: - auth_url: "{{ keystone_admin_url }}" + auth_url: "{{ keystone_internal_url }}" username: "{{ keystone_admin_user }}" password: "{{ keystone_admin_password }}" user_domain_name: "{{ default_user_domain_name }}" diff --git a/ansible/roles/aodh/templates/aodh.conf.j2 b/ansible/roles/aodh/templates/aodh.conf.j2 index 607c19e17e..860e6f60f4 100644 --- a/ansible/roles/aodh/templates/aodh.conf.j2 +++ b/ansible/roles/aodh/templates/aodh.conf.j2 @@ -25,7 +25,7 @@ project_name = service user_domain_name = {{ default_user_domain_name }} username = {{ aodh_keystone_user }} password = {{ aodh_keystone_password }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password cafile = {{ openstack_cacert }} region_name = {{ openstack_region_name }} diff --git a/ansible/roles/barbican/templates/barbican.conf.j2 b/ansible/roles/barbican/templates/barbican.conf.j2 index 00c9ecf413..546dbc7f04 100644 --- a/ansible/roles/barbican/templates/barbican.conf.j2 +++ b/ansible/roles/barbican/templates/barbican.conf.j2 @@ -59,7 +59,7 @@ project_name = service user_domain_id = {{ default_user_domain_id }} username = {{ barbican_keystone_user }} password = {{ barbican_keystone_password }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password cafile = {{ openstack_cacert }} region_name = {{ openstack_region_name }} diff --git a/ansible/roles/blazar/templates/blazar.conf.j2 b/ansible/roles/blazar/templates/blazar.conf.j2 index 07545371fd..69890191a3 100644 --- a/ansible/roles/blazar/templates/blazar.conf.j2 +++ b/ansible/roles/blazar/templates/blazar.conf.j2 @@ -6,7 +6,7 @@ host = {{ api_interface_address }} port = {{ blazar_api_port }} os_auth_host = {{ keystone_internal_fqdn }} os_auth_port = {{ keystone_public_port }} -os_auth_protocol = {{ admin_protocol }} +os_auth_protocol = {{ internal_protocol }} os_auth_version = v3 os_admin_username = {{ blazar_keystone_user }} os_admin_password = {{ blazar_keystone_password }} @@ -21,7 +21,7 @@ plugins = virtual.instance.plugin,physical.host.plugin [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }}/v3 -auth_url = {{ keystone_admin_url }}/v3 +auth_url = {{ keystone_internal_url }}/v3 auth_type = password project_domain_id = default user_domain_id = default diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2 index 51116adaf0..3149bc352f 100644 --- a/ansible/roles/cinder/templates/cinder.conf.j2 +++ b/ansible/roles/cinder/templates/cinder.conf.j2 @@ -85,7 +85,7 @@ policy_file = {{ cinder_policy_file }} [nova] interface = internal -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -103,7 +103,7 @@ max_retries = -1 [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 index efa54250e0..af9e368fe8 100644 --- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 +++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 @@ -18,7 +18,7 @@ max_retries = -1 [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/common/templates/admin-openrc.sh.j2 b/ansible/roles/common/templates/admin-openrc.sh.j2 index deccd58b45..615c52a34c 100644 --- a/ansible/roles/common/templates/admin-openrc.sh.j2 +++ b/ansible/roles/common/templates/admin-openrc.sh.j2 @@ -8,7 +8,7 @@ export OS_PROJECT_NAME={{ keystone_admin_project }} export OS_TENANT_NAME={{ keystone_admin_project }} export OS_USERNAME={{ keystone_admin_user }} export OS_PASSWORD={{ keystone_admin_password }} -export OS_AUTH_URL={{ keystone_admin_url }}/v3 +export OS_AUTH_URL={{ keystone_internal_url }}/v3 export OS_INTERFACE=internal export OS_ENDPOINT_TYPE=internalURL {% if enable_manila | bool %} diff --git a/ansible/roles/cyborg/templates/cyborg.conf.j2 b/ansible/roles/cyborg/templates/cyborg.conf.j2 index 737925f9a4..180c7f8ef9 100644 --- a/ansible/roles/cyborg/templates/cyborg.conf.j2 +++ b/ansible/roles/cyborg/templates/cyborg.conf.j2 @@ -25,14 +25,14 @@ project_name = service user_domain_name = {{ default_user_domain_name }} username = {{ cyborg_keystone_user }} password = {{ cyborg_keystone_password }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password cafile = {{ openstack_cacert }} region_name = {{ openstack_region_name }} [placement] auth_type = password -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} username = {{ placement_keystone_user }} password = {{ placement_keystone_password }} user_domain_name = {{ default_user_domain_name }} diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2 index 3d977f6228..e47c913d50 100644 --- a/ansible/roles/designate/templates/designate.conf.j2 +++ b/ansible/roles/designate/templates/designate.conf.j2 @@ -20,7 +20,7 @@ enabled_extensions_admin = quotas, reports [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/freezer/templates/freezer.conf.j2 b/ansible/roles/freezer/templates/freezer.conf.j2 index aaa07dcb78..99b6365b43 100644 --- a/ansible/roles/freezer/templates/freezer.conf.j2 +++ b/ansible/roles/freezer/templates/freezer.conf.j2 @@ -25,7 +25,7 @@ os_user_domain_name = {{ openstack_auth.user_domain_name }} {% if service_name == 'freezer-api' %} [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2 index 52dab9ba1e..371ad6d464 100644 --- a/ansible/roles/glance/templates/glance-api.conf.j2 +++ b/ansible/roles/glance/templates/glance-api.conf.j2 @@ -42,7 +42,7 @@ max_retries = -1 [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/glance/templates/glance-cache.conf.j2 b/ansible/roles/glance/templates/glance-cache.conf.j2 index 9e3275399f..9ff0f6efc6 100644 --- a/ansible/roles/glance/templates/glance-cache.conf.j2 +++ b/ansible/roles/glance/templates/glance-cache.conf.j2 @@ -6,7 +6,7 @@ log_file = /var/log/kolla/glance/glance-cache.log image_cache_max_size = {{ glance_cache_max_size }} image_cache_dir = /var/lib/glance/image-cache -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} admin_password = {{ glance_keystone_password }} admin_user = {{ glance_keystone_user }} admin_tenant_name = {{ default_project_domain_id }} diff --git a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 b/ansible/roles/gnocchi/templates/gnocchi.conf.j2 index dc645160a5..e2f53ad3f8 100644 --- a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 +++ b/ansible/roles/gnocchi/templates/gnocchi.conf.j2 @@ -50,7 +50,7 @@ project_name = service user_domain_id = {{ default_user_domain_id }} username = {{ gnocchi_keystone_user }} password = {{ gnocchi_keystone_password }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password cafile = {{ openstack_cacert }} region_name = {{ openstack_region_name }} diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2 index a9fe31fdc7..b9cb32910c 100644 --- a/ansible/roles/heat/templates/heat.conf.j2 +++ b/ansible/roles/heat/templates/heat.conf.j2 @@ -44,7 +44,7 @@ max_retries = -1 [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -67,7 +67,7 @@ memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address [trustee] auth_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password user_domain_id = {{ default_user_domain_id }} username = {{ heat_keystone_user }} diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 index d9e34478af..6a1eebb2eb 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 @@ -20,7 +20,7 @@ ssl_ca_file = {{ om_rabbitmq_cacert }} [ironic] {% if ironic_enable_keystone_integration | bool %} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -38,7 +38,7 @@ endpoint_override = {{ ironic_internal_endpoint }} {% if ironic_enable_keystone_integration | bool %} [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index 2c78dd8ad2..17a062e3c5 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 @@ -48,7 +48,7 @@ max_retries = -1 {% if ironic_enable_keystone_integration | bool %} [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -66,7 +66,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres {% if enable_cinder | bool %} [cinder] -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = default @@ -80,7 +80,7 @@ cafile = {{ openstack_cacert }} {% if enable_glance | bool %} [glance] -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = default @@ -94,7 +94,7 @@ cafile = {{ openstack_cacert }} {% if enable_neutron | bool %} [neutron] -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = default @@ -109,7 +109,7 @@ cafile = {{ openstack_cacert }} {% if enable_nova | bool %} [nova] -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = default @@ -123,7 +123,7 @@ cafile = {{ openstack_cacert }} {% if enable_swift | bool %} [swift] -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -137,7 +137,7 @@ cafile = {{ openstack_cacert }} [inspector] {% if ironic_enable_keystone_integration | bool %} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = default @@ -154,7 +154,7 @@ endpoint_override = {{ ironic_inspector_internal_endpoint }} [service_catalog] {% if ironic_enable_keystone_integration | bool %} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = default diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml index 541dd41dc1..d07c9a594e 100644 --- a/ansible/roles/keystone/defaults/main.yml +++ b/ansible/roles/keystone/defaults/main.yml @@ -186,7 +186,7 @@ keystone_ks_services: type: "identity" description: "Openstack Identity Service" endpoints: - - {'interface': 'admin', 'url': '{{ keystone_admin_url }}'} + - {'interface': 'admin', 'url': '{{ keystone_internal_url }}'} - {'interface': 'internal', 'url': '{{ keystone_internal_url }}'} - {'interface': 'public', 'url': '{{ keystone_public_url }}'} diff --git a/ansible/roles/keystone/tasks/register.yml b/ansible/roles/keystone/tasks/register.yml index 4e7bdccc62..1afb3fce71 100644 --- a/ansible/roles/keystone/tasks/register.yml +++ b/ansible/roles/keystone/tasks/register.yml @@ -4,7 +4,7 @@ command: > docker exec keystone kolla_keystone_bootstrap {{ openstack_auth.username }} {{ openstack_auth.password }} {{ keystone_admin_project }} - admin {{ keystone_admin_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ item }} + admin {{ keystone_internal_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ item }} register: keystone_bootstrap changed_when: (keystone_bootstrap.stdout | from_json).changed failed_when: (keystone_bootstrap.stdout | from_json).failed diff --git a/ansible/roles/kuryr/templates/kuryr.conf.j2 b/ansible/roles/kuryr/templates/kuryr.conf.j2 index 9ac3d4cf00..c399740c07 100644 --- a/ansible/roles/kuryr/templates/kuryr.conf.j2 +++ b/ansible/roles/kuryr/templates/kuryr.conf.j2 @@ -11,7 +11,7 @@ default_driver = kuryr.lib.binding.drivers.veth [neutron] auth_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password endpoint_type = internal project_domain_name = {{ default_project_domain_name }} diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2 index 321f54186c..072ea353aa 100644 --- a/ansible/roles/magnum/templates/magnum.conf.j2 +++ b/ansible/roles/magnum/templates/magnum.conf.j2 @@ -77,7 +77,7 @@ cafile = {{ openstack_cacert }} [keystone_authtoken] auth_version = v3 www_authenticate_uri = {{ keystone_internal_url }}/v3 -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_name = {{ default_project_domain_name }} user_domain_name = {{ default_user_domain_name }} diff --git a/ansible/roles/manila/templates/manila-share.conf.j2 b/ansible/roles/manila/templates/manila-share.conf.j2 index b36bfa8513..82cecff683 100644 --- a/ansible/roles/manila/templates/manila-share.conf.j2 +++ b/ansible/roles/manila/templates/manila-share.conf.j2 @@ -6,7 +6,7 @@ enabled_share_backends = {{ manila_enabled_backends|map(attribute='name')|join(' default_share_type = default_share_type [glance] -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -19,7 +19,7 @@ cafile = {{ openstack_cacert }} [cinder] auth_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -36,7 +36,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres [nova] auth_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -54,7 +54,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres [neutron] auth_uri = {{ keystone_internal_url }} url = {{ neutron_internal_endpoint }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2 index b9335c648a..e5f5c359b3 100644 --- a/ansible/roles/manila/templates/manila.conf.j2 +++ b/ansible/roles/manila/templates/manila.conf.j2 @@ -32,7 +32,7 @@ max_retries = -1 [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/masakari/templates/masakari-monitors.conf.j2 b/ansible/roles/masakari/templates/masakari-monitors.conf.j2 index 0239e6e5a4..016fb8d4c9 100644 --- a/ansible/roles/masakari/templates/masakari-monitors.conf.j2 +++ b/ansible/roles/masakari/templates/masakari-monitors.conf.j2 @@ -4,7 +4,7 @@ log_dir = /var/log/kolla/masakari [api] region = {{ openstack_region_name }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} user_domain_id = {{ default_user_domain_id }} project_name = service project_domain_id = {{ default_project_domain_id }} diff --git a/ansible/roles/masakari/templates/masakari.conf.j2 b/ansible/roles/masakari/templates/masakari.conf.j2 index b77880073f..fe46740b76 100644 --- a/ansible/roles/masakari/templates/masakari.conf.j2 +++ b/ansible/roles/masakari/templates/masakari.conf.j2 @@ -23,7 +23,7 @@ max_retries = -1 [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }}/v3 -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_name = {{ default_project_domain_name }} user_domain_name = {{ default_user_domain_name }} diff --git a/ansible/roles/mistral/templates/mistral.conf.j2 b/ansible/roles/mistral/templates/mistral.conf.j2 index af604947b6..58291e5703 100644 --- a/ansible/roles/mistral/templates/mistral.conf.j2 +++ b/ansible/roles/mistral/templates/mistral.conf.j2 @@ -40,7 +40,7 @@ max_retries = -1 [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }}/v3 -auth_url = {{ keystone_admin_url }}/v3 +auth_url = {{ keystone_internal_url }}/v3 auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/monasca/templates/monasca-agent-forwarder/agent-forwarder.yml.j2 b/ansible/roles/monasca/templates/monasca-agent-forwarder/agent-forwarder.yml.j2 index 84365caed6..5a55dbf792 100644 --- a/ansible/roles/monasca/templates/monasca-agent-forwarder/agent-forwarder.yml.j2 +++ b/ansible/roles/monasca/templates/monasca-agent-forwarder/agent-forwarder.yml.j2 @@ -4,7 +4,7 @@ Api: region_name: {{ openstack_region_name }} username: {{ monasca_agent_user }} password: {{ monasca_agent_password }} - keystone_url: {{ keystone_admin_url }} + keystone_url: {{ keystone_internal_url }} user_domain_name: Default project_name: {{ monasca_control_plane_project }} project_domain_id: {{ default_project_domain_id }} diff --git a/ansible/roles/monasca/templates/monasca-api/api.conf.j2 b/ansible/roles/monasca/templates/monasca-api/api.conf.j2 index cb55fadbdc..14990642b6 100644 --- a/ansible/roles/monasca/templates/monasca-api/api.conf.j2 +++ b/ansible/roles/monasca/templates/monasca-api/api.conf.j2 @@ -32,7 +32,7 @@ delegate_authorized_roles = {{ monasca_delegate_authorized_roles|join(', ') }} [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/murano/templates/murano.conf.j2 b/ansible/roles/murano/templates/murano.conf.j2 index d99fe06061..3d8f05b7b7 100644 --- a/ansible/roles/murano/templates/murano.conf.j2 +++ b/ansible/roles/murano/templates/murano.conf.j2 @@ -22,7 +22,7 @@ max_retries = -1 [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -38,7 +38,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres [murano_auth] auth_uri = {{ keystone_internal_url }}/v3 -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_name = {{ default_project_domain_name }} user_domain_name = {{ default_user_domain_name }} diff --git a/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2 b/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2 index 2e8d05fd91..5906991f31 100644 --- a/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2 +++ b/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2 @@ -1,5 +1,5 @@ [ironic] -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index 5b0ad347ea..b952fba2cd 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -86,7 +86,7 @@ nsx_extension_drivers = vmware_dvs_dns ipam_driver = {{ neutron_ipam_driver }} [nova] -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -114,7 +114,7 @@ max_retries = -1 [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -161,7 +161,7 @@ drivers = ovs [designate] url = {{ designate_internal_endpoint }}/v2 auth_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -185,7 +185,7 @@ connection_string = {{ osprofiler_backend_connection_string }} [placement] auth_type = password -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} username = {{ placement_keystone_user }} password = {{ placement_keystone_password }} user_domain_name = {{ default_user_domain_name }} diff --git a/ansible/roles/nova-cell/templates/nova.conf.j2 b/ansible/roles/nova-cell/templates/nova.conf.j2 index 9baa712f25..e087f09b9a 100644 --- a/ansible/roles/nova-cell/templates/nova.conf.j2 +++ b/ansible/roles/nova-cell/templates/nova.conf.j2 @@ -107,7 +107,7 @@ num_retries = 3 [cinder] catalog_info = volumev3:cinderv3:internalURL os_region_name = {{ openstack_region_name }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_name = {{ default_project_domain_name }} user_domain_id = {{ default_user_domain_id }} @@ -123,7 +123,7 @@ service_metadata_proxy = true {% if neutron_plugin_agent in ['vmware_nsxv3', 'vmware_nsxp'] %} ovs_bridge = {{ ovs_bridge }} {% endif %} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password cafile = {{ openstack_cacert }} project_domain_name = {{ default_project_domain_name }} @@ -203,7 +203,7 @@ debug = {{ nova_logging_debug }} [placement] auth_type = password -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} username = {{ placement_keystone_user }} password = {{ placement_keystone_password }} user_domain_name = {{ default_user_domain_name }} diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index 93913c065d..8cf9e77852 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 @@ -66,7 +66,7 @@ debug = {{ nova_logging_debug }} [cinder] catalog_info = volumev3:cinderv3:internalURL os_region_name = {{ openstack_region_name }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_name = {{ default_project_domain_name }} user_domain_id = {{ default_user_domain_id }} @@ -79,7 +79,7 @@ cafile = {{ openstack_cacert }} [neutron] metadata_proxy_shared_secret = {{ metadata_secret }} service_metadata_proxy = true -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_name = {{ default_project_domain_name }} user_domain_id = {{ default_user_domain_id }} @@ -111,7 +111,7 @@ memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -170,7 +170,7 @@ workers = {{ openstack_service_workers }} [placement] auth_type = password -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} username = {{ placement_keystone_user }} password = {{ placement_keystone_password }} user_domain_name = {{ default_user_domain_name }} diff --git a/ansible/roles/octavia/defaults/main.yml b/ansible/roles/octavia/defaults/main.yml index 5a41259896..8af04ec28e 100644 --- a/ansible/roles/octavia/defaults/main.yml +++ b/ansible/roles/octavia/defaults/main.yml @@ -251,7 +251,7 @@ octavia_loadbalancer_topology: "SINGLE" # OpenStack auth used when registering resources for Octavia. octavia_user_auth: - auth_url: "{{ keystone_admin_url }}" + auth_url: "{{ keystone_internal_url }}" username: "octavia" password: "{{ octavia_keystone_password }}" project_name: "{{ octavia_service_auth_project }}" diff --git a/ansible/roles/octavia/templates/octavia-openrc.sh.j2 b/ansible/roles/octavia/templates/octavia-openrc.sh.j2 index 605613526b..4833855b0b 100644 --- a/ansible/roles/octavia/templates/octavia-openrc.sh.j2 +++ b/ansible/roles/octavia/templates/octavia-openrc.sh.j2 @@ -5,6 +5,6 @@ export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME={{ octavia_service_auth_project }} export OS_USERNAME={{ octavia_keystone_user }} export OS_PASSWORD={{ octavia_keystone_password }} -export OS_AUTH_URL={{ keystone_admin_url }}/v3 +export OS_AUTH_URL={{ keystone_internal_url }}/v3 export OS_INTERFACE=internal export OS_ENDPOINT_TYPE=internalURL diff --git a/ansible/roles/octavia/templates/octavia.conf.j2 b/ansible/roles/octavia/templates/octavia.conf.j2 index 1ed0e27e88..621dd2ee13 100644 --- a/ansible/roles/octavia/templates/octavia.conf.j2 +++ b/ansible/roles/octavia/templates/octavia.conf.j2 @@ -44,7 +44,7 @@ max_pool_size = {{ database_max_pool_size }} max_retries = -1 [service_auth] -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password username = {{ octavia_keystone_user }} password = {{ octavia_keystone_password }} @@ -59,7 +59,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/placement/templates/placement.conf.j2 b/ansible/roles/placement/templates/placement.conf.j2 index 04ca66fa90..bb788a7cd1 100644 --- a/ansible/roles/placement/templates/placement.conf.j2 +++ b/ansible/roles/placement/templates/placement.conf.j2 @@ -36,7 +36,7 @@ memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/prometheus/templates/clouds.yml.j2 b/ansible/roles/prometheus/templates/clouds.yml.j2 index ffb711d7ff..38d4a92383 100644 --- a/ansible/roles/prometheus/templates/clouds.yml.j2 +++ b/ansible/roles/prometheus/templates/clouds.yml.j2 @@ -11,4 +11,4 @@ clouds: project_domain_name: 'Default' user_domain_name: 'Default' cacert: {{ openstack_cacert }} - auth_url: {{ keystone_admin_url }}/v3 + auth_url: {{ keystone_internal_url }}/v3 diff --git a/ansible/roles/sahara/templates/sahara.conf.j2 b/ansible/roles/sahara/templates/sahara.conf.j2 index 67c1288470..f53c164059 100644 --- a/ansible/roles/sahara/templates/sahara.conf.j2 +++ b/ansible/roles/sahara/templates/sahara.conf.j2 @@ -16,7 +16,7 @@ connection_recycle_time = {{ database_connection_recycle_time }} max_pool_size = {{ database_max_pool_size }} [keystone_authtoken] -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password user_domain_name = {{ default_project_domain_name }} project_name = service @@ -60,5 +60,5 @@ project_name = service user_domain_name = {{ default_user_domain_name }} username = {{ sahara_keystone_user }} password = {{ sahara_keystone_password }} -auth_url = {{ keystone_admin_url }}/v3 +auth_url = {{ keystone_internal_url }}/v3 cafile = {{ openstack_cacert }} diff --git a/ansible/roles/senlin/templates/senlin.conf.j2 b/ansible/roles/senlin/templates/senlin.conf.j2 index 91064bcbac..804a35ec9c 100644 --- a/ansible/roles/senlin/templates/senlin.conf.j2 +++ b/ansible/roles/senlin/templates/senlin.conf.j2 @@ -13,7 +13,7 @@ workers = {{ openstack_service_workers }} {% endif %} [authentication] -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} service_username = {{ senlin_keystone_user }} service_password = {{ senlin_keystone_password }} service_project_name = service @@ -43,7 +43,7 @@ workers = {{ openstack_service_workers }} [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/solum/templates/solum.conf.j2 b/ansible/roles/solum/templates/solum.conf.j2 index 60eec43e65..4ebec02f35 100644 --- a/ansible/roles/solum/templates/solum.conf.j2 +++ b/ansible/roles/solum/templates/solum.conf.j2 @@ -49,7 +49,7 @@ max_retries = -1 [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/swift/templates/proxy-server.conf.j2 b/ansible/roles/swift/templates/proxy-server.conf.j2 index 90dab06112..42f87ee537 100644 --- a/ansible/roles/swift/templates/proxy-server.conf.j2 +++ b/ansible/roles/swift/templates/proxy-server.conf.j2 @@ -36,7 +36,7 @@ use = egg:swift#proxy_logging [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory auth_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/tacker/templates/tacker.conf.j2 b/ansible/roles/tacker/templates/tacker.conf.j2 index dee94b7af7..df2fa1c2c4 100644 --- a/ansible/roles/tacker/templates/tacker.conf.j2 +++ b/ansible/roles/tacker/templates/tacker.conf.j2 @@ -33,7 +33,7 @@ max_retries = -1 [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_name = {{ default_project_domain_id }} user_domain_name = {{ default_user_domain_id }} @@ -51,7 +51,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres username = {{ tacker_keystone_user }} password = {{ tacker_keystone_password }} project_name = service -url = {{ keystone_admin_url }} +url = {{ keystone_internal_url }} [ceilometer] host = {{ api_interface_address }} diff --git a/ansible/roles/trove/templates/trove.conf.j2 b/ansible/roles/trove/templates/trove.conf.j2 index e7a2d2f016..f58ab43ab9 100644 --- a/ansible/roles/trove/templates/trove.conf.j2 +++ b/ansible/roles/trove/templates/trove.conf.j2 @@ -56,7 +56,7 @@ project_name = service user_domain_name = {{ default_user_domain_name }} username = {{ trove_keystone_user }} password = {{ trove_keystone_password }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password cafile = {{ openstack_cacert }} region_name = {{ openstack_region_name }} diff --git a/ansible/roles/venus/templates/venus.conf.j2 b/ansible/roles/venus/templates/venus.conf.j2 index 89039d7816..7e7b08364b 100644 --- a/ansible/roles/venus/templates/venus.conf.j2 +++ b/ansible/roles/venus/templates/venus.conf.j2 @@ -23,7 +23,7 @@ cafile = {{ openstack_cacert }} project_name = service password = {{ venus_keystone_password }} username = {{ venus_keystone_user }} -auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_url = {{ keystone_internal_url }} project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} auth_type = password diff --git a/ansible/roles/vitrage/templates/vitrage.conf.j2 b/ansible/roles/vitrage/templates/vitrage.conf.j2 index 1482f8278a..4fac689c34 100644 --- a/ansible/roles/vitrage/templates/vitrage.conf.j2 +++ b/ansible/roles/vitrage/templates/vitrage.conf.j2 @@ -33,7 +33,7 @@ plugins = jaccard_correlation [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/watcher/templates/watcher.conf.j2 b/ansible/roles/watcher/templates/watcher.conf.j2 index 467e0b5b06..6ac5b966a3 100644 --- a/ansible/roles/watcher/templates/watcher.conf.j2 +++ b/ansible/roles/watcher/templates/watcher.conf.j2 @@ -20,7 +20,7 @@ max_retries = -1 [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -37,7 +37,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres [watcher_clients_auth] auth_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2 index 491b821c07..2553324959 100644 --- a/ansible/roles/zun/templates/zun.conf.j2 +++ b/ansible/roles/zun/templates/zun.conf.j2 @@ -32,7 +32,7 @@ max_retries = -1 # - best keep them both in sync [keystone_auth] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -54,7 +54,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres # - best keep them both in sync [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} -auth_url = {{ keystone_admin_url }} +auth_url = {{ keystone_internal_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/releasenotes/notes/keystone-admin-port-gone-1a28302df63aa70b.yaml b/releasenotes/notes/keystone-admin-port-gone-1a28302df63aa70b.yaml index b7721da54d..bbe130224a 100644 --- a/releasenotes/notes/keystone-admin-port-gone-1a28302df63aa70b.yaml +++ b/releasenotes/notes/keystone-admin-port-gone-1a28302df63aa70b.yaml @@ -1,4 +1,8 @@ --- +deprecations: + - | + Variables ``keystone_admin_port``, ``keystone_admin_url`` and + ``admin_protocol`` are deprecated for removal after Zed. upgrade: - | Keystone's admin interface no longer points to a separate port. @@ -6,3 +10,7 @@ upgrade: compatibility. Users are advised to run the deploy and post-deploy commands afterwards to ensure port's cleanup. For more information, please refer to the docs. + Please note that the relevant variables ``keystone_admin_port``, + ``keystone_admin_url`` and ``admin_protocol`` are no longer used + and are deprecated for removal after Zed. Please cease their usage + in your customisations.