From 99ab6aedbb9ea6ea710fb1f77465414d8e37b15c Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Tue, 28 Feb 2023 12:29:57 +0100 Subject: [PATCH] Remove keystone admin leftovers Change-Id: Ic153a91beb30daa334ccbb0430ce8340bd6c480f --- ansible/group_vars/all.yml | 9 +----- ansible/roles/keystone/defaults/main.yml | 9 ------ ansible/roles/keystone/tasks/upgrade.yml | 11 -------- .../keystone/templates/wsgi-keystone.conf.j2 | 28 ------------------- tests/upgrade.sh | 3 -- 5 files changed, 1 insertion(+), 59 deletions(-) diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 1c1abe63a2..9c08310112 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -406,12 +406,9 @@ iscsi_port: "3260" keystone_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else keystone_public_listen_port }}" keystone_public_listen_port: "5000" -# NOTE(yoctozepto): Admin port settings are kept only for upgrade compatibility. -# TODO(yoctozepto): Remove after Zed. -keystone_admin_port: "35357" -keystone_admin_listen_port: "{{ keystone_admin_port }}" keystone_internal_port: "5000" keystone_internal_listen_port: "{{ keystone_internal_port }}" + keystone_ssh_port: "8023" kuryr_port: "23750" @@ -665,8 +662,6 @@ vitrage_api_listen_port: "{{ vitrage_api_port }}" public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}" internal_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}" -# TODO(yoctozepto): Remove after Zed. Kept for compatibility only. -admin_protocol: "{{ internal_protocol }}" ################## # Firewall options @@ -969,8 +964,6 @@ acme_client_servers: [] keystone_internal_fqdn: "{{ kolla_internal_fqdn }}" keystone_external_fqdn: "{{ kolla_external_fqdn }}" -# TODO(yoctozepto): Remove after Zed. Kept for compatibility only. -keystone_admin_url: "{{ keystone_internal_fqdn | kolla_url(admin_protocol, keystone_admin_port) }}" keystone_internal_url: "{{ keystone_internal_fqdn | kolla_url(internal_protocol, keystone_internal_port) }}" keystone_public_url: "{{ keystone_external_fqdn | kolla_url(public_protocol, keystone_public_port) }}" diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml index 3a483d4b2e..6e8e58a540 100644 --- a/ansible/roles/keystone/defaults/main.yml +++ b/ansible/roles/keystone/defaults/main.yml @@ -26,15 +26,6 @@ keystone_services: port: "{{ keystone_public_port }}" listen_port: "{{ keystone_public_listen_port }}" backend_http_extra: "{{ ['balance source'] if enable_keystone_federation | bool else [] }}" - # NOTE(yoctozepto): Admin port settings are kept only for upgrade compatibility. - # TODO(yoctozepto): Remove after Zed. - keystone_admin: - enabled: "{{ enable_keystone and kolla_action == 'upgrade' }}" - mode: "http" - external: false - tls_backend: "{{ keystone_enable_tls_backend }}" - port: "{{ keystone_admin_port }}" - listen_port: "{{ keystone_admin_listen_port }}" keystone-ssh: container_name: "keystone_ssh" group: "keystone" diff --git a/ansible/roles/keystone/tasks/upgrade.yml b/ansible/roles/keystone/tasks/upgrade.yml index fab3e736c4..bbe2ca9338 100644 --- a/ansible/roles/keystone/tasks/upgrade.yml +++ b/ansible/roles/keystone/tasks/upgrade.yml @@ -48,14 +48,3 @@ run_once: True when: - not use_preconfigured_databases | bool - -# TODO(yoctozepto): Remove after Zed (in AA). -# This is needed to update the admin endpoint as the port has -# changed in the same release (Zed), i.e., the admin endpoint uses the -# same port as the other ones (public, internal). -- import_role: - name: service-ks-register - vars: - service_ks_register_auth: "{{ openstack_keystone_auth }}" - service_ks_register_services: "{{ keystone_ks_services }}" - run_once: True diff --git a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 index 2e42f5a7d1..f24ac72106 100644 --- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 +++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 @@ -8,11 +8,6 @@ LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so {% endif %} {% endif %} Listen {{ api_interface_address | put_address_in_context('url') }}:{{ keystone_public_listen_port }} -{% if kolla_action == 'upgrade' %} -# NOTE(yoctozepto): Admin port settings are kept only for upgrade compatibility. -# TODO(yoctozepto): Remove after Zed. -Listen {{ api_interface_address | put_address_in_context('url') }}:{{ keystone_admin_listen_port }} -{% endif %} ServerSignature Off ServerTokens Prod @@ -116,26 +111,3 @@ LogLevel info {% endif %} -{% if kolla_action == 'upgrade' %} -# NOTE(yoctozepto): Admin port settings are kept only for upgrade compatibility. -# TODO(yoctozepto): Remove after Zed. - - WSGIDaemonProcess keystone-admin processes={{ keystone_api_workers }} threads=1 user=keystone group=keystone display-name=keystone-admin - WSGIProcessGroup keystone-admin - WSGIScriptAlias / {{ binary_path }}/keystone-wsgi-admin - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%{cu}t %M" - - ErrorLog "{{ keystone_log_dir }}/keystone-apache-admin-error.log" - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat - CustomLog "{{ keystone_log_dir }}/keystone-apache-admin-access.log" logformat - -{% if keystone_enable_tls_backend | bool %} - SSLEngine on - SSLCertificateFile /etc/keystone/certs/keystone-cert.pem - SSLCertificateKeyFile /etc/keystone/certs/keystone-key.pem -{% endif %} - -{% endif %} diff --git a/tests/upgrade.sh b/tests/upgrade.sh index fc0de80444..eaec0b1825 100755 --- a/tests/upgrade.sh +++ b/tests/upgrade.sh @@ -44,9 +44,6 @@ function upgrade { kolla-ansible -i ${RAW_INVENTORY} -vvv upgrade &> /tmp/logs/ansible/upgrade - # NOTE(yoctozepto): These actions remove the leftovers of the admin port. - # TODO(yoctozepto): Remove after Zed. - kolla-ansible -i ${RAW_INVENTORY} -vvv deploy --tags keystone &> /tmp/logs/ansible/upgrade-deploy kolla-ansible -i ${RAW_INVENTORY} -vvv post-deploy &> /tmp/logs/ansible/upgrade-post-deploy kolla-ansible -i ${RAW_INVENTORY} -vvv validate-config &> /tmp/logs/ansible/validate-config