diff --git a/playbooks/inventory/group_vars/all.yml b/playbooks/inventory/group_vars/all.yml index 2f71181fd5..fe6d6ba7fb 100644 --- a/playbooks/inventory/group_vars/all.yml +++ b/playbooks/inventory/group_vars/all.yml @@ -89,13 +89,16 @@ nova_service_adminuri: "{{ nova_service_proto }}://{{ internal_lb_vip_address }} nova_service_adminurl: "{{ nova_service_adminuri }}/v2/%(tenant_id)s" nova_service_region: RegionOne nova_metadata_port: 8775 +nova_keystone_auth_plugin: password ## Neutron neutron_service_port: 9696 neutron_service_proto: http neutron_service_user_name: neutron -neutron_service_tenant_name: service +neutron_service_project_name: service +neutron_service_project_domain_id: default +neutron_service_user_domain_id: default neutron_service_adminuri: "{{ neutron_service_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}" neutron_service_adminurl: "{{ neutron_service_adminuri }}" neutron_service_region: RegionOne diff --git a/playbooks/roles/os_neutron/defaults/main.yml b/playbooks/roles/os_neutron/defaults/main.yml index b9a69fcf61..3f847b132c 100644 --- a/playbooks/roles/os_neutron/defaults/main.yml +++ b/playbooks/roles/os_neutron/defaults/main.yml @@ -75,7 +75,9 @@ neutron_rpc_workers: 0 neutron_metadata_backlog: 128 ## Auth -neutron_service_tenant_name: service +neutron_service_project_name: service +neutron_service_project_domain_id: default +neutron_service_user_domain_id: default neutron_service_role_name: admin neutron_service_user_name: neutron neutron_service_name: neutron 
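Review bot: Renaming `neutron_service_tenant_name` to `neutron_service_project_name` in group_vars/all.yml, and again in roles/os_neutron/defaults/main.yml, leaves no fallback for the old name. A deployment that still overrides `neutron_service_tenant_name` will run without error while the override is silently ignored, and the service account lands in the default `service` project. For an identity setting I would bridge the rename for one release, e.g. `neutron_service_project_name: "{{ neutron_service_tenant_name | default('service') }}"`, or fail explicitly when the old name is set. Whether any other role or user variable file still sets the old name cannot be seen from this diff. A one-line comment that the new `*_domain_id: default` values are Keystone domain IDs rather than domain names would also help.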
@@ -91,6 +93,9 @@ neutron_service_internaluri: "{{ neutron_service_proto }}://{{ internal_lb_vip_a neutron_service_internalurl: "{{ neutron_service_internaluri }}" neutron_service_region: RegionOne +## Keystone authentication middleware +neutron_keystone_auth_plugin: password + neutron_service_program_name: neutron-server neutron_service_program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini neutron_service_program_enabled: false diff --git a/playbooks/roles/os_neutron/tasks/neutron_service_setup.yml b/playbooks/roles/os_neutron/tasks/neutron_service_setup.yml index 0d0fdb258b..524bdf0568 100644 --- a/playbooks/roles/os_neutron/tasks/neutron_service_setup.yml +++ b/playbooks/roles/os_neutron/tasks/neutron_service_setup.yml @@ -16,7 +16,7 @@ - include: neutron_service_add.yml vars: service_user_name: "{{ neutron_service_user_name }}" - service_tenant_name: "{{ neutron_service_tenant_name }}" + service_tenant_name: "{{ neutron_service_project_name }}" service_name: "{{ neutron_service_name }}" service_type: "{{ neutron_service_type }}" service_region: "{{ neutron_service_region }}" diff --git a/playbooks/roles/os_neutron/templates/metadata_agent.ini.j2 b/playbooks/roles/os_neutron/templates/metadata_agent.ini.j2 index d51eeef96e..a5626cd2ff 100644 --- a/playbooks/roles/os_neutron/templates/metadata_agent.ini.j2 +++ b/playbooks/roles/os_neutron/templates/metadata_agent.ini.j2 
@@ -8,19 +8,21 @@ verbose = {{ verbose }} debug = {{ debug }} # The Neutron user information for accessing the Neutron API. -auth_url = {{ keystone_service_adminurl }} +auth_plugin = {{ neutron_keystone_auth_plugin }} +auth_url = {{ keystone_service_adminuri }} +auth_uri = {{ keystone_service_internaluri }} auth_region = {{ keystone_service_region }} +project_domain_id = {{ neutron_service_project_domain_id }} +user_domain_id = {{ neutron_service_user_domain_id }} +project_name = {{ neutron_service_project_name }} +username = {{ neutron_service_user_name }} +password = {{ neutron_service_password }} endpoint_type = adminURL # TCP Port used by Nova metadata server nova_metadata_ip = {{ internal_lb_vip_address }} nova_metadata_port = {{ nova_metadata_port }} -# Admin authentication -admin_tenant_name = {{ neutron_service_tenant_name }} -admin_user = {{ neutron_service_user_name }} -admin_password = {{ neutron_service_password }} - # Number of backlog requests to configure the metadata server socket with metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }} metadata_workers = {{ neutron_metadata_workers | default(api_threads) }} diff --git a/playbooks/roles/os_neutron/templates/neutron.conf.j2 b/playbooks/roles/os_neutron/templates/neutron.conf.j2 index f7cfceb55d..932cdbe159 100644 --- a/playbooks/roles/os_neutron/templates/neutron.conf.j2 +++ b/playbooks/roles/os_neutron/templates/neutron.conf.j2 
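Review bot: The block under `# The Neutron user information for accessing the Neutron API.` now holds `password = {{ neutron_service_password }}` alongside the auth plugin settings, while the `# Admin authentication` header that used to mark the secrets was removed. I would put a marker above `auth_plugin`, e.g. `# Keystone credentials for the neutron service user; this file must not be world-readable`. The task that renders this template, with its owner and mode, is outside this diff, so confirm it restricts read access; the same applies to the `[nova]` and `[keystone_authtoken]` sections of neutron.conf.j2. The scheme behind `keystone_service_adminuri` is also defined elsewhere; if it is plain http like `neutron_service_proto` in all.yml, password authentication sends the secret unencrypted.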
@@ -69,10 +69,16 @@ send_events_interval = 2 ## Nova nova_url = {{ nova_service_adminurl|replace('/%(tenant_id)s', '') }} -nova_admin_username = {{ nova_service_user_name }} -nova_admin_tenant_id = {{ nova_admin_tenant_id }} -nova_admin_password = {{ nova_service_password }} -nova_admin_auth_url = {{ keystone_service_internalurl }} + +[nova] +auth_plugin = {{ nova_keystone_auth_plugin }} +auth_url = {{ keystone_service_adminuri }} +region_name = {{ nova_service_region }} +project_domain_id = {{ nova_service_project_domain_id }} +user_domain_id = {{ nova_service_user_domain_id }} +project_name = {{ nova_service_project_name }} +username = {{ nova_service_user_name }} +password = {{ nova_service_password }} [quotas] @@ -87,12 +93,15 @@ root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf [keystone_authtoken] +auth_plugin = {{ neutron_keystone_auth_plugin }} signing_dir = /var/cache/neutron -identity_uri = {{ keystone_service_adminuri }} -auth_uri = {{ keystone_service_internalurl }} -admin_tenant_name = {{ neutron_service_tenant_name }} -admin_user = {{ neutron_service_user_name }} -admin_password = {{ neutron_service_password }} +auth_url = {{ keystone_service_adminuri }} +auth_uri = {{ keystone_service_internaluri }} +project_domain_id = {{ neutron_service_project_domain_id }} +user_domain_id = {{ neutron_service_user_domain_id }} +project_name = {{ neutron_service_project_name }} +username = {{ neutron_service_user_name }} +password = {{ neutron_service_password }} memcached_servers = {{ memcached_servers }} diff --git a/playbooks/roles/os_nova/templates/nova.conf.j2 b/playbooks/roles/os_nova/templates/nova.conf.j2 index 2a1ebc8d92..e676ac5fce 100644 --- a/playbooks/roles/os_nova/templates/nova.conf.j2 +++ b/playbooks/roles/os_nova/templates/nova.conf.j2 
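Review bot: The new `[nova]` section reads `nova_service_project_name`, `nova_service_project_domain_id` and `nova_service_user_domain_id`, but the only Nova variable this commit adds to group_vars/all.yml is `nova_keystone_auth_plugin`. Unless those three are defined elsewhere in the tree, rendering neutron.conf will fail on an undefined variable. With a lenient undefined-variable setting it would instead write an empty project or domain into the credentials neutron uses to talk to Nova. If they are missing, add them next to `nova_keystone_auth_plugin`, mirroring the Neutron values: `nova_service_project_name: service`, `nova_service_project_domain_id: default`, `nova_service_user_domain_id: default`.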
@@ -129,7 +129,7 @@ auth_strategy = keystone admin_auth_url = {{ keystone_service_adminurl }} admin_password = {{ neutron_service_password }} admin_username = {{ neutron_service_user_name }} -admin_tenant_name = {{ neutron_service_tenant_name }} +admin_tenant_name = {{ neutron_service_project_name }} metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }} service_metadata_proxy = {{ nova_metadata_proxy_enabled }}