openstack/openstack-ansible
Code Issues Proposed changes

Update keystone middleware in neutron for Kilo

Browse Source 
Update keystone authentication middleware in neutron to
support the v3 API in Kilo.

Partially implements: blueprint master-kilofication

Change-Id: Icf692cfbdf4df83be21a87adfb434ef9a3c8ff49
This commit is contained in:
Matthew Kassawara 2015-04-10 08:43:54 -05:00
parent 579c26ce67
commit 92f54f8f49
6 changed files with 38 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
playbooks/inventory/group_vars/all.yml
View File

@ -89,13 +89,16 @@ nova_service_adminuri: "{{ nova_service_proto }}://{{ internal_lb_vip_address }}
nova_service_adminurl: "{{ nova_service_adminuri }}/v2/%(tenant_id)s"
nova_service_region: RegionOne
nova_metadata_port: 8775
nova_keystone_auth_plugin: password
## Neutron
neutron_service_port: 9696
neutron_service_proto: http
neutron_service_user_name: neutron
neutron_service_tenant_name: service
neutron_service_project_name: service
neutron_service_project_domain_id: default
neutron_service_user_domain_id: default
neutron_service_adminuri: "{{ neutron_service_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
neutron_service_adminurl: "{{ neutron_service_adminuri }}"
neutron_service_region: RegionOne

7
playbooks/roles/os_neutron/defaults/main.yml
View File

@ -75,7 +75,9 @@ neutron_rpc_workers: 0
neutron_metadata_backlog: 128
## Auth
neutron_service_tenant_name: service
neutron_service_project_name: service
neutron_service_project_domain_id: default
neutron_service_user_domain_id: default
neutron_service_role_name: admin
neutron_service_user_name: neutron
neutron_service_name: neutron
@ -91,6 +93,9 @@ neutron_service_internaluri: "{{ neutron_service_proto }}://{{ internal_lb_vip_a
neutron_service_internalurl: "{{ neutron_service_internaluri }}"
neutron_service_region: RegionOne
## Keystone authentication middleware
neutron_keystone_auth_plugin: password
neutron_service_program_name: neutron-server
neutron_service_program_config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
neutron_service_program_enabled: false

2
playbooks/roles/os_neutron/tasks/neutron_service_setup.yml
View File

@ -16,7 +16,7 @@
- include: neutron_service_add.yml
vars:
service_user_name: "{{ neutron_service_user_name }}"
service_tenant_name: "{{ neutron_service_tenant_name }}"
service_tenant_name: "{{ neutron_service_project_name }}"
service_name: "{{ neutron_service_name }}"
service_type: "{{ neutron_service_type }}"
service_region: "{{ neutron_service_region }}"

14
playbooks/roles/os_neutron/templates/metadata_agent.ini.j2
View File

@ -8,19 +8,21 @@ verbose = {{ verbose }}
debug = {{ debug }}
# The Neutron user information for accessing the Neutron API.
auth_url = {{ keystone_service_adminurl }}
auth_plugin = {{ neutron_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }}
auth_region = {{ keystone_service_region }}
project_domain_id = {{ neutron_service_project_domain_id }}
user_domain_id = {{ neutron_service_user_domain_id }}
project_name = {{ neutron_service_project_name }}
username = {{ neutron_service_user_name }}
password = {{ neutron_service_password }}
endpoint_type = adminURL
# TCP Port used by Nova metadata server
nova_metadata_ip = {{ internal_lb_vip_address }}
nova_metadata_port = {{ nova_metadata_port }}
# Admin authentication
admin_tenant_name = {{ neutron_service_tenant_name }}
admin_user = {{ neutron_service_user_name }}
admin_password = {{ neutron_service_password }}
# Number of backlog requests to configure the metadata server socket with
metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
metadata_workers = {{ neutron_metadata_workers | default(api_threads) }}

27
playbooks/roles/os_neutron/templates/neutron.conf.j2
View File

@ -69,10 +69,16 @@ send_events_interval = 2
## Nova
nova_url = {{ nova_service_adminurl|replace('/%(tenant_id)s', '') }}
nova_admin_username = {{ nova_service_user_name }}
nova_admin_tenant_id = {{ nova_admin_tenant_id }}
nova_admin_password = {{ nova_service_password }}
nova_admin_auth_url = {{ keystone_service_internalurl }}
[nova]
auth_plugin = {{ nova_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminuri }}
region_name = {{ nova_service_region }}
project_domain_id = {{ nova_service_project_domain_id }}
user_domain_id = {{ nova_service_user_domain_id }}
project_name = {{ nova_service_project_name }}
username = {{ nova_service_user_name }}
password = {{ nova_service_password }}
[quotas]
@ -87,12 +93,15 @@ root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[keystone_authtoken]
auth_plugin = {{ neutron_keystone_auth_plugin }}
signing_dir = /var/cache/neutron
identity_uri = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internalurl }}
admin_tenant_name = {{ neutron_service_tenant_name }}
admin_user = {{ neutron_service_user_name }}
admin_password = {{ neutron_service_password }}
auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ neutron_service_project_domain_id }}
user_domain_id = {{ neutron_service_user_domain_id }}
project_name = {{ neutron_service_project_name }}
username = {{ neutron_service_user_name }}
password = {{ neutron_service_password }}
memcached_servers = {{ memcached_servers }}

2
playbooks/roles/os_nova/templates/nova.conf.j2
View File

@ -129,7 +129,7 @@ auth_strategy = keystone
admin_auth_url = {{ keystone_service_adminurl }}
admin_password = {{ neutron_service_password }}
admin_username = {{ neutron_service_user_name }}
admin_tenant_name = {{ neutron_service_tenant_name }}
admin_tenant_name = {{ neutron_service_project_name }}
metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
service_metadata_proxy = {{ nova_metadata_proxy_enabled }}