Update keystone middleware in neutron for Kilo

Update keystone authentication middleware in neutron to
support the v3 API in Kilo.

Partially implements: blueprint master-kilofication

Change-Id: Icf692cfbdf4df83be21a87adfb434ef9a3c8ff49

playbooks/inventory/group_vars/all.yml

@@ -89,13 +89,16 @@ nova_service_adminuri: "{{ nova_service_proto }}://{{ internal_lb_vip_address }}
 nova_service_adminurl: "{{ nova_service_adminuri }}/v2/%(tenant_id)s"
 nova_service_region: RegionOne
 nova_metadata_port: 8775
+nova_keystone_auth_plugin: password
 
 
 ## Neutron
 neutron_service_port: 9696
 neutron_service_proto: http
 neutron_service_user_name: neutron
-neutron_service_tenant_name: service
+neutron_service_project_name: service
+neutron_service_project_domain_id: default
+neutron_service_user_domain_id: default
 neutron_service_adminuri: "{{ neutron_service_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
 neutron_service_adminurl: "{{ neutron_service_adminuri }}"
 neutron_service_region: RegionOne

playbooks/roles/os_neutron/defaults/main.yml

@@ -75,7 +75,9 @@ neutron_rpc_workers: 0
 neutron_metadata_backlog: 128
 
 ## Auth
-neutron_service_tenant_name: service
+neutron_service_project_name: service
+neutron_service_project_domain_id: default
+neutron_service_user_domain_id: default
 neutron_service_role_name: admin
 neutron_service_user_name: neutron
 neutron_service_name: neutron
@@ -91,6 +93,9 @@ neutron_service_internaluri: "{{ neutron_service_proto }}://{{ internal_lb_vip_a
 neutron_service_internalurl: "{{ neutron_service_internaluri }}"
 neutron_service_region: RegionOne
 
+## Keystone authentication middleware
+neutron_keystone_auth_plugin: password
+
 neutron_service_program_name: neutron-server
 neutron_service_program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
 neutron_service_program_enabled: false

playbooks/roles/os_neutron/tasks/neutron_service_setup.yml

@@ -16,7 +16,7 @@
 - include: neutron_service_add.yml
   vars:
     service_user_name: "{{ neutron_service_user_name }}"
-    service_tenant_name: "{{ neutron_service_tenant_name }}"
+    service_tenant_name: "{{ neutron_service_project_name }}"
     service_name: "{{ neutron_service_name }}"
     service_type: "{{ neutron_service_type }}"
     service_region: "{{ neutron_service_region }}"

playbooks/roles/os_neutron/templates/metadata_agent.ini.j2

@@ -8,19 +8,21 @@ verbose = {{ verbose }}
 debug = {{ debug }}
 
 # The Neutron user information for accessing the Neutron API.
-auth_url = {{ keystone_service_adminurl }}
+auth_plugin = {{ neutron_keystone_auth_plugin }}
+auth_url = {{ keystone_service_adminuri }}
+auth_uri = {{ keystone_service_internaluri }}
 auth_region = {{ keystone_service_region }}
+project_domain_id = {{ neutron_service_project_domain_id }}
+user_domain_id = {{ neutron_service_user_domain_id }}
+project_name = {{ neutron_service_project_name }}
+username = {{ neutron_service_user_name }}
+password = {{ neutron_service_password }}
 endpoint_type = adminURL
 
 # TCP Port used by Nova metadata server
 nova_metadata_ip = {{ internal_lb_vip_address }}
 nova_metadata_port = {{ nova_metadata_port }}
 
-# Admin authentication
-admin_tenant_name = {{ neutron_service_tenant_name }}
-admin_user = {{ neutron_service_user_name }}
-admin_password = {{ neutron_service_password }}
-
 # Number of backlog requests to configure the metadata server socket with
 metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
 metadata_workers = {{ neutron_metadata_workers | default(api_threads) }}

playbooks/roles/os_neutron/templates/neutron.conf.j2

@@ -69,10 +69,16 @@ send_events_interval = 2
 
 ## Nova
 nova_url = {{ nova_service_adminurl|replace('/%(tenant_id)s', '') }}
-nova_admin_username = {{ nova_service_user_name }}
+
-nova_admin_tenant_id = {{ nova_admin_tenant_id }}
+[nova]
-nova_admin_password = {{ nova_service_password }}
+auth_plugin = {{ nova_keystone_auth_plugin }}
-nova_admin_auth_url = {{ keystone_service_internalurl }}
+auth_url = {{ keystone_service_adminuri }}
+region_name = {{ nova_service_region }}
+project_domain_id = {{ nova_service_project_domain_id }}
+user_domain_id = {{ nova_service_user_domain_id }}
+project_name = {{ nova_service_project_name }}
+username = {{ nova_service_user_name }}
+password = {{ nova_service_password }}
 
 
 [quotas]
@@ -87,12 +93,15 @@ root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
 
 
 [keystone_authtoken]
+auth_plugin = {{ neutron_keystone_auth_plugin }}
 signing_dir = /var/cache/neutron
-identity_uri = {{ keystone_service_adminuri }}
+auth_url = {{ keystone_service_adminuri }}
-auth_uri = {{ keystone_service_internalurl }}
+auth_uri = {{ keystone_service_internaluri }}
-admin_tenant_name = {{ neutron_service_tenant_name }}
+project_domain_id = {{ neutron_service_project_domain_id }}
-admin_user = {{ neutron_service_user_name }}
+user_domain_id = {{ neutron_service_user_domain_id }}
-admin_password = {{ neutron_service_password }}
+project_name = {{ neutron_service_project_name }}
+username = {{ neutron_service_user_name }}
+password = {{ neutron_service_password }}
 
 memcached_servers = {{ memcached_servers }}
 

playbooks/roles/os_nova/templates/nova.conf.j2

@@ -129,7 +129,7 @@ auth_strategy = keystone
 admin_auth_url = {{ keystone_service_adminurl }}
 admin_password = {{ neutron_service_password }}
 admin_username = {{ neutron_service_user_name }}
-admin_tenant_name = {{ neutron_service_tenant_name }}
+admin_tenant_name = {{ neutron_service_project_name }}
 metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
 service_metadata_proxy = {{ nova_metadata_proxy_enabled }}