diff --git a/ansible/roles/ironic/defaults/main.yml b/ansible/roles/ironic/defaults/main.yml index 900f7f5b76..275378d71e 100644 --- a/ansible/roles/ironic/defaults/main.yml +++ b/ansible/roles/ironic/defaults/main.yml @@ -288,6 +288,7 @@ ironic_enabled_notification_topics: "{{ ironic_notification_topics | selectattr( #################### # Keystone #################### +ironic_enable_keystone_integration: "{{ enable_keystone | bool }}" ironic_ks_services: - name: "ironic" type: "baremetal" diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index f385fdc812..9b7de4d5c2 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 @@ -6,7 +6,7 @@ # suppressed by the deployer by setting a value for the option. [DEFAULT] -{% if not enable_keystone | bool %} +{% if not ironic_enable_keystone_integration | bool %} auth_strategy = noauth {% endif %} debug = {{ ironic_logging_debug }} @@ -52,7 +52,7 @@ connection_recycle_time = {{ database_connection_recycle_time }} max_pool_size = {{ database_max_pool_size }} max_retries = -1 -{% if enable_keystone | bool %} +{% if ironic_enable_keystone_integration | bool %} [keystone_authtoken] www_authenticate_uri = {{ keystone_internal_url }} auth_url = {{ keystone_admin_url }} @@ -143,7 +143,7 @@ cafile = {{ openstack_cacert }} {% endif %} [inspector] -{% if enable_keystone | bool %} +{% if ironic_enable_keystone_integration | bool %} auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = default @@ -160,7 +160,7 @@ endpoint_override = {{ ironic_inspector_internal_endpoint }} {% endif %} [service_catalog] -{% if enable_keystone | bool %} +{% if ironic_enable_keystone_integration | bool %} auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = default diff --git a/doc/source/reference/bare-metal/ironic-guide.rst b/doc/source/reference/bare-metal/ironic-guide.rst index 8add19ed96..b9c893211c 100644 --- a/doc/source/reference/bare-metal/ironic-guide.rst +++ b/doc/source/reference/bare-metal/ironic-guide.rst @@ -106,6 +106,28 @@ enabled_boot_interfaces`` option in ``/etc/kolla/config/ironic.conf``: [DEFAULT] enabled_boot_interfaces = ipxe +Attach ironic to external keystone (optional) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +In :kolla-ansible-doc:`multi-regional ` deployment +keystone could be installed in one region (let's say region 1) and ironic - +in another region (let's say region 2). In this case we don't install keystone +together with ironic in region 2, but have to configure ironic to connect to +existing keystone in region 1. To deploy ironic in this way we have to set +variable ``enable_keystone`` to ``"no"``. + +.. code-block:: yaml + + enable_keystone: "no" + +It will prevent keystone from being installed in region 2. + +To add keystone-related sections in ironic.conf, it is also needed to set +variable ``ironic_enable_keystone_integration`` to ``"yes"`` + +.. code-block:: yaml + + ironic_enable_keystone_integration: "yes" + Deployment ~~~~~~~~~~ Run the deploy as usual: diff --git a/releasenotes/notes/update-ironic-template-for-keystone-1ee5f80fda7a21a0.yaml b/releasenotes/notes/update-ironic-template-for-keystone-1ee5f80fda7a21a0.yaml new file mode 100644 index 0000000000..002f3990e2 --- /dev/null +++ b/releasenotes/notes/update-ironic-template-for-keystone-1ee5f80fda7a21a0.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + New variable ``ironic_enable_keystone_integration`` was added. + It helps to add keystone connection information into + ``ironic.conf`` if we want to connect to existing keystone + (not installing it at the same time).