Upgrade the Keystone library to use v3

In order to enable and deploy federated Keystone, we need to use version
3 of the Keystone API and the v3 Keystone Client. This work begins that
transition by having a set of backwards compatible library commands.

Specifically, this commit updates the keystone library to use v3
Keystone Client and the usage of ensure_tenant in the os_keystone tasks
to use the v3 admin url.

In version 3 of Keystone's Endpoints (Catalog) API each endpoint only
has one URL and has separate interface types (public, internal, admin).
This change updates all uses of ensure_endpoint to structure the
endpoint data in a better way for the ensure_endpoint command in the
keystone module. As a result, some instances where internalurl and
adminurl were swapped have been fixed.

Note:
In new deployments the endpoints will be created using the v3 API and
will therefore not be available via the v2 API. This will be a breaking
change to legacy CLI clients. The openstack CLI should be used instead.

DocImpact
Related-Bug: #1470635
Partially-implements: blueprint keystone-federation
Change-Id: I2cd4f505e850b4b113452abc25ee00d486b1637d
Ian Cordasco 2015-06-29 23:23:08 -05:00 committed by Miguel Grinberg
parent 36640a8f43
commit c1fdbab4de
16 changed files with 302 additions and 174 deletions


@ -152,9 +152,10 @@ keystone_service_adminurl: "{{ keystone_service_adminuri }}/v2.0"
keystone_service_publicuri_v3: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
keystone_service_publicurl_v3: "{{ keystone_service_publicuri_v3 }}/v3"
keystone_service_internaluri_v3: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
keystone_service_internalurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
keystone_service_internalurl_v3: "{{ keystone_service_internaluri_v3 }}/v3"
keystone_service_adminuri_v3: "{{ keystone_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
keystone_service_adminurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
keystone_service_adminurl: "{{ keystone_service_adminurl_v3 }}"
keystone_cache_backend_argument: "url:{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}:{{ memcached_port }}"
keystone_memcached_servers: "{% for host in groups['keystone_all'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
keystone_service_region: "{{ service_region }}"
@ -171,8 +172,9 @@ heat_service_region: "{{ service_region }}"
## OpenStack Openrc
openrc_os_auth_url: "{{ keystone_service_internalurl }}"
openrc_os_auth_url: "{{ keystone_service_internalurl_v3 }}"
openrc_os_password: "{{ keystone_auth_admin_password }}"
openrc_os_domain_name: "Default"
## Tempest Options
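Review bot: `keystone_service_adminurl` now appears to be defined twice in this vars file: the hunk header still shows the existing `keystone_service_adminurl: "{{ keystone_service_adminuri }}/v2.0"` above the hunk, and the new `keystone_service_adminurl: "{{ keystone_service_adminurl_v3 }}"` is added further down. Duplicate mapping keys are resolved by position (PyYAML keeps the last one), so which admin URL the services authenticate against depends on line order rather than on a stated intent. I would rename the earlier entry to `keystone_service_adminurl_v2`, as the keystone role defaults in this commit do, or delete it if nothing still needs the v2.0 admin URL. The earlier definition lies outside the hunk, so confirm it is still present in the file.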


@ -87,7 +87,7 @@ EXAMPLES = """
import glanceclient.client as glclient
import keystoneclient.v2_0.client as ksclient
import keystoneclient.v3.client as ksclient
COMMAND_MAP = {'image-list': 'list_images',
@ -126,7 +126,7 @@ class ManageGlance(object):
self.keystone = ksclient.Client(insecure=insecure,
username=openrc['OS_USERNAME'],
password=openrc['OS_PASSWORD'],
tenant_name=openrc['OS_TENANT_NAME'],
project_name=openrc['OS_PROJECT_NAME'],
auth_url=openrc['OS_AUTH_URL'])
def _init_glance(self):
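Review bot: `openrc['OS_PROJECT_NAME']` in the `ksclient.Client(...)` call raises `KeyError` on any host whose openrc file predates this change and only exports `OS_TENANT_NAME`; the keystone module in this commit falls back to the tenant variable and this lookup should do the same, e.g. `project_name=openrc.get('OS_PROJECT_NAME') or openrc['OS_TENANT_NAME'],` (assuming `openrc` is a dict, which the subscripting suggests). The call also passes no domain to the v3 client although the openrc template now exports `OS_USER_DOMAIN_NAME` and `OS_PROJECT_DOMAIN_NAME`; name-based v3 authentication will probably need `user_domain_name=` and `project_domain_name=` here, so verify against a v3 endpoint. Both points apply equally to the identical call in the neutron library hunk at `@ -258,7 +258,7`. The enclosing method starts and ends outside the hunk.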


@ -22,9 +22,11 @@ DOCUMENTATION = """
module: keystone
version_added: "1.6.2"
short_description:
- Manage OpenStack Identity (keystone) users, tenants, roles, and endpoints.
- Manage OpenStack Identity (keystone) users, projects, roles, and
endpoints.
description:
- Manage OpenStack Identity (keystone) users, tenants, roles, and endpoints.
- Manage OpenStack Identity (keystone) users, projects, roles, and
endpoints.
options:
return_code:
description:
@ -41,6 +43,11 @@ options:
- Password of login user
required: false
default: 'yes'
login_project_name:
description:
- The project login_user belongs to
required: false
default: None
login_tenant_name:
description:
- The tenant login_user belongs to
@ -65,6 +72,11 @@ options:
- The name of the user that has to added/removed from OpenStack
required: false
default: None
project_name:
description:
- The project name that has be added/removed
required: false
default: None
tenant_name:
description:
- The tenant name that has be added/removed
@ -84,9 +96,14 @@ options:
- Name of the region.
required: false
default: None
domain_name:
description:
- Name of the domain to add a project to.
required: false
default: 'default'
description:
description:
- A description for the tenant
- A description for the project
required: false
default: None
email:
@ -99,27 +116,19 @@ options:
- Type of service.
required: false
default: None
publicurl:
endpoint_list:
description:
- Public URL.
required: false
default: None
adminurl:
description:
- Admin URL.
required: false
default: None
internalurl:
description:
- Internal URL.
- List of endpoints to add to keystone for a service
required: false
default: None
type: list
command:
description:
- Indicate desired state of the resource
choices: ['get_tenant', 'get_user', 'get_role', 'ensure_service',
'ensure_endpoint', 'ensure_role', 'ensure_user',
'ensure_user_role', 'ensure_tenant']
choices: ['get_tenant', 'get_project', 'get_user', 'get_role',
'ensure_service', 'ensure_endpoint', 'ensure_role',
'ensure_user', 'ensure_user_role', 'ensure_tenant',
'ensure_project']
required: true
insecure:
description:
@ -133,23 +142,24 @@ author: Kevin Carter
"""
EXAMPLES = """
# Create an admin tenant
# Create an admin project
- keystone:
command: "ensure_tenant"
tenant_name: "admin"
description: "Admin Tenant"
command: "ensure_project"
project_name: "admin"
domain_name: "Default"
description: "Admin project"
# Create a service tenant
# Create a service project
- keystone:
command: "ensure_tenant"
tenant_name: "service"
description: "Service Tenant"
command: "ensure_project"
project_name: "service"
description: "Service project"
# Create an admin user
- keystone:
command: "ensure_user"
user_name: "admin"
tenant_name: "admin"
project_name: "admin"
password: "secrete"
email: "admin@some-domain.com"
@ -162,15 +172,16 @@ EXAMPLES = """
- keystone:
command: "ensure_user"
user_name: "glance"
tenant_name: "service"
project_name: "service"
password: "secrete"
domain_name: "Default"
email: "glance@some-domain.com"
# Add a role to a user
- keystone:
command: "ensure_user_role"
user_name: "glance"
tenant_name: "service"
project_name: "service"
role_name: "admin"
# Create a service
@ -186,14 +197,18 @@ EXAMPLES = """
region_name: "RegionOne"
service_name: "glance"
service_type: "image"
publicurl: "http://127.0.0.1:9292"
adminurl: "http://127.0.0.1:9292"
internalurl: "http://127.0.0.1:9292"
endpoint_list:
- url: "http://127.0.0.1:9292"
interface: "public"
- url: "http://127.0.0.1:9292"
interface: "admin"
- url: "http://127.0.0.1:9292"
interface: "internal"
# Get tenant id
# Get project id
- keystone:
command: "get_tenant"
tenant_name: "admin"
command: "get_project"
project_name: "admin"
# Get user id
- keystone:
@ -210,6 +225,13 @@ EXAMPLES = """
COMMAND_MAP = {
'get_tenant': {
'variables': [
'project_name',
'tenant_name'
]
},
'get_project': {
'variables': [
'project_name',
'tenant_name'
]
},
@ -221,6 +243,7 @@ COMMAND_MAP = {
'get_role': {
'variables': [
'role_name',
'project_name',
'tenant_name',
'user_name'
]
@ -237,9 +260,7 @@ COMMAND_MAP = {
'region_name',
'service_name',
'service_type',
'publicurl',
'adminurl',
'internalurl'
'endpoint_list'
]
},
'ensure_role': {
@ -249,21 +270,33 @@ COMMAND_MAP = {
},
'ensure_user': {
'variables': [
'project_name',
'tenant_name',
'user_name',
'password',
'email'
'email',
'domain_name'
]
},
'ensure_user_role': {
'variables': [
'user_name',
'project_name',
'tenant_name',
'role_name'
]
},
'ensure_project': {
'variables': [
'project_name',
'tenant_name',
'description',
'domain_name'
]
},
'ensure_tenant': {
'variables': [
'project_name',
'tenant_name',
'description'
]
@ -271,7 +304,7 @@ COMMAND_MAP = {
}
try:
from keystoneclient.v2_0 import client
from keystoneclient.v3 import client
except ImportError:
keystoneclient_found = False
else:
@ -363,6 +396,7 @@ class ManageKeystone(object):
'endpoint',
'login_user',
'login_password',
'login_project_name',
'login_tenant_name',
'token',
'insecure'
@ -372,18 +406,19 @@ class ManageKeystone(object):
endpoint = variables_dict.pop('endpoint')
login_user = variables_dict.pop('login_user')
login_password = variables_dict.pop('login_password')
login_tenant_name = variables_dict.pop('login_tenant_name')
login_project_name = (variables_dict.pop('login_project_name', None) or
variables_dict.pop('login_tenant_name'))
token = variables_dict.pop('token')
insecure = variables_dict.pop('insecure')
if token is None:
if login_tenant_name is None:
if login_project_name is None:
self.failure(
error='Missing Tenant Name',
error='Missing Project Name',
rc=2,
msg='If you do not specify a token you must use a tenant'
msg='If you do not specify a token you must use a project'
' name for authentication. Try adding'
' [ login_tenant_name ] to the task'
' [ login_project_name ] to the task'
)
if login_password is None:
self.failure(
@ -406,22 +441,38 @@ class ManageKeystone(object):
auth_url=endpoint,
username=login_user,
password=login_password,
tenant_name=login_tenant_name
project_name=login_project_name
)
def _get_tenant(self, name):
"""Return tenant information.
def _get_domain(self, name):
"""Return domain information.
:param name: ``str`` Name of the tenant.
:param str name: Name of the domain.
"""
for entry in self.keystone.tenants.list():
for entry in self.keystone.domains.list():
if entry.name == name:
return entry
else:
return None
def _get_project(self, name):
"""Return project information.
Formerly, _get_tenant
:param name: ``str`` Name of the project.
"""
for entry in self.keystone.projects.list():
if entry.name == name:
return entry
else:
return None
def get_tenant(self, variables):
"""Return a tenant id.
return self.get_project(variables)
def get_project(self, variables):
"""Return a project id.
This will return `None` if the ``name`` is not found.
@ -429,43 +480,51 @@ class ManageKeystone(object):
use within the Keystone Command.
"""
self._authenticate()
variables_dict = self._get_vars(variables, required=['tenant_name'])
tenant_name = variables_dict.pop('tenant_name')
tenant = self._get_tenant(name=tenant_name)
if tenant is None:
variables_dict = self._get_vars(variables)
project_name = (variables_dict.pop('project_name', None) or
variables_dict.pop('tenant_name'))
project = self._get_project(name=project_name)
if project is None:
self.failure(
error='tenant [ %s ] was not found.' % tenant_name,
error='project [ %s ] was not found.' % project_name,
rc=2,
msg='tenant was not found, does it exist?'
msg='project was not found, does it exist?'
)
return self._facts(facts={'id': tenant.id})
return self._facts(facts={'id': project.id})
def ensure_tenant(self, variables):
"""Create a new tenant within Keystone if it does not exist.
return self.ensure_project(variables)
Returns the tenant ID on a successful run.
def ensure_project(self, variables):
"""Create a new project within Keystone if it does not exist.
Returns the project ID on a successful run.
:param variables: ``list`` List of all variables that are available to
use within the Keystone Command.
"""
self._authenticate()
variables_dict = self._get_vars(variables, required=['tenant_name'])
tenant_name = variables_dict.pop('tenant_name')
tenant_description = variables_dict.pop('description')
if tenant_description is None:
tenant_description = 'Tenant %s' % tenant_name
variables_dict = self._get_vars(variables)
project_name = (variables_dict.pop('project_name', None) or
variables_dict.pop('tenant_name'))
domain_name = variables_dict.pop('domain_name', None) or 'Default'
project_description = variables_dict.pop('description')
if project_description is None:
project_description = 'Project %s' % project_name
tenant = self._get_tenant(name=tenant_name)
if tenant is None:
domain = self._get_domain(name=domain_name)
project = self._get_project(name=project_name)
if project is None:
self.state_change = True
tenant = self.keystone.tenants.create(
tenant_name=tenant_name,
description=tenant_description,
project = self.keystone.projects.create(
name=project_name,
description=project_description,
domain=domain,
enabled=True
)
return self._facts(facts={'id': tenant.id})
return self._facts(facts={'id': project.id})
def _get_user(self, name):
"""Return a user information.
@ -481,7 +540,7 @@ class ManageKeystone(object):
return None
def get_user(self, variables):
"""Return a tenant id.
"""Return a project id.
This will return `None` if the ``name`` is not found.
@ -510,19 +569,28 @@ class ManageKeystone(object):
use within the Keystone Command.
"""
self._authenticate()
required_vars = ['tenant_name', 'user_name', 'password']
required_vars = ['user_name', 'password']
variables_dict = self._get_vars(variables, required=required_vars)
tenant_name = variables_dict.pop('tenant_name')
project_name = (variables_dict.pop('project_name', None) or
variables_dict.pop('tenant_name'))
password = variables_dict.pop('password')
user_name = variables_dict.pop('user_name')
email = variables_dict.pop('email')
# NOTE(sigmavirus24): Since we don't require domain, this will be None
# in the dictionary. When we pop it, we can't provide a default
# because 'domain' exists and is None. In order to use a default
# value, we need to use `or 'default'` here to make sure we default to
# the default domain. If we don't do it this way, Keystone throws a
# 401 Unauthorized which is just plain wrong.
domain_name = variables_dict.pop('domain_name', None) or 'Default'
tenant = self._get_tenant(name=tenant_name)
if tenant is None:
domain = self._get_domain(name=domain_name)
project = self._get_project(name=project_name)
if project is None:
self.failure(
error='tenant [ %s ] was not found.' % tenant_name,
error='project [ %s ] was not found.' % project_name,
rc=2,
msg='tenant was not found, does it exist?'
msg='project was not found, does it exist?'
)
user = self._get_user(name=user_name)
@ -532,7 +600,8 @@ class ManageKeystone(object):
name=user_name,
password=password,
email=email,
tenant_id=tenant.id
domain=domain,
default_project=project
)
return self._facts(facts={'id': user.id})
@ -571,7 +640,7 @@ class ManageKeystone(object):
return self._facts(facts={'id': role_data.id})
def _get_role_data(self, user_name, tenant_name, role_name):
def _get_role_data(self, user_name, project_name, role_name):
user = self._get_user(name=user_name)
if user is None:
self.failure(
@ -580,12 +649,12 @@ class ManageKeystone(object):
msg='User was not found, does it exist?'
)
tenant = self._get_tenant(name=tenant_name)
if tenant is None:
project = self._get_project(name=project_name)
if project is None:
self.failure(
error='tenant [ %s ] was not found.' % tenant_name,
error='project [ %s ] was not found.' % project_name,
rc=2,
msg='tenant was not found, does it exist?'
msg='project was not found, does it exist?'
)
role = self._get_role(name=role_name)
@ -596,7 +665,7 @@ class ManageKeystone(object):
msg='role was not found, does it exist?'
)
return user, tenant, role
return user, project, role
def ensure_role(self, variables):
"""Create a new role within Keystone if it does not exist.
@ -617,8 +686,8 @@ class ManageKeystone(object):
return self._facts(facts={'id': role.id})
def _get_user_roles(self, name, user, tenant):
for entry in self.keystone.users.list_roles(user, tenant.id):
def _get_user_roles(self, name, user, project):
for entry in self.keystone.roles.list(user=user, project=project):
if entry.name == name:
return entry
else:
@ -626,26 +695,30 @@ class ManageKeystone(object):
def ensure_user_role(self, variables):
self._authenticate()
required_vars = ['user_name', 'tenant_name', 'role_name']
required_vars = ['user_name', 'role_name']
variables_dict = self._get_vars(variables, required=required_vars)
user_name = variables_dict.pop('user_name')
tenant_name = variables_dict.pop('tenant_name')
# NOTE(sigmavirus24): Try to get the project_name, but
# don't error out on it. This will change when the playbooks are
# updated to use project_name instead of tenant_name
project_name = (variables_dict.pop('project_name', None)
or variables_dict.pop('tenant_name'))
role_name = variables_dict.pop('role_name')
user, tenant, role = self._get_role_data(
user_name=user_name, tenant_name=tenant_name, role_name=role_name
user, project, role = self._get_role_data(
user_name=user_name, project_name=project_name, role_name=role_name
)
user_role = self._get_user_roles(
name=role_name, user=user, tenant=tenant
name=role_name, user=user, project=project
)
if user_role is None:
self.keystone.roles.add_user_role(
user=user, role=role, tenant=tenant
self.keystone.roles.grant(
user=user, role=role, project=project
)
user_role = self._get_user_roles(
name=role_name, user=user, tenant=tenant
name=role_name, user=user, project=project
)
return self._facts(facts={'id': user_role.id})
@ -681,19 +754,18 @@ class ManageKeystone(object):
self.state_change = True
service = self.keystone.services.create(
name=service_name,
service_type=service_type,
type=service_type,
description=description
)
return self._facts(facts={'id': service.id})
def _get_endpoint(self, region, publicurl, adminurl, internalurl):
def _get_endpoint(self, region, url, interface):
for entry in self.keystone.endpoints.list():
check = [
entry.region == region,
entry.publicurl == publicurl,
entry.adminurl == adminurl,
entry.internalurl == internalurl
entry.url == url,
entry.interface == interface
]
if all(check):
return entry
@ -713,18 +785,14 @@ class ManageKeystone(object):
'region_name',
'service_name',
'service_type',
'publicurl',
'adminurl',
'internalurl'
'endpoint_list'
]
variables_dict = self._get_vars(variables, required=required_vars)
service_name = variables_dict.pop('service_name')
service_type = variables_dict.pop('service_type')
region = variables_dict.pop('region_name')
publicurl = variables_dict.pop('publicurl')
adminurl = variables_dict.pop('adminurl')
internalurl = variables_dict.pop('internalurl')
endpoint_list = variables_dict.pop('endpoint_list')
service = self._get_service(name=service_name, srv_type=service_type)
if service is None:
@ -734,23 +802,28 @@ class ManageKeystone(object):
msg='Service was not found, does it exist?'
)
endpoint = self._get_endpoint(
region=region,
publicurl=publicurl,
adminurl=adminurl,
internalurl=internalurl
)
if endpoint is None:
self.state_change = True
endpoint = self.keystone.endpoints.create(
endpoints = {}
for endpoint_dict in endpoint_list:
url = endpoint_dict.pop('url')
interface = endpoint_dict.pop('interface')
endpoint = self._get_endpoint(
region=region,
service_id=service.id,
publicurl=publicurl,
adminurl=adminurl,
internalurl=internalurl
url=url,
interface=interface
)
if endpoint is None:
self.state_change = True
endpoint = self.keystone.endpoints.create(
region=region,
service=service,
url=url,
interface=interface
)
endpoints[interface] = endpoint
return self._facts(facts={'id': endpoint.id})
return self._facts(
facts={'%sid' % interface: endpoint.id
for interface, endpoint in endpoints.items()})
def main():
@ -780,6 +853,12 @@ def main():
tenant_name=dict(
required=False
),
project_name=dict(
required=False
),
domain_name=dict(
required=False
),
role_name=dict(
required=False
),
@ -798,14 +877,9 @@ def main():
service_type=dict(
required=False
),
publicurl=dict(
required=False
),
adminurl=dict(
required=False
),
internalurl=dict(
required=False
endpoint_list=dict(
required=False,
type='list'
),
command=dict(
required=True,
@ -843,6 +917,6 @@ def main():
# import module snippets
from ansible.module_utils.basic import *
from ansible.module_utils.basic import * # NOQA
if __name__ == '__main__':
main()
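Review bot: `_get_project` (hunk `@ -406,22 +441,38`) matches on `entry.name == name` across every project returned by `self.keystone.projects.list()`, but in the v3 API a project name is only unique within its domain. Once a second domain exists, which is the federation case this change prepares for, `ensure_project` can return the id of a same-named project in another domain instead of creating one, and `ensure_user_role` can `grant` the role on that other project. I would resolve the domain first and scope the lookup, `for entry in self.keystone.projects.list(domain=domain):`, and call `self.failure(..., rc=2, ...)` when `_get_domain` returns `None` instead of passing `domain=None` on to `projects.create` and `users.create`. `_get_user` appears to use the same name-only match for users; most of its body is outside the hunk.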


@ -114,7 +114,7 @@ EXAMPLES = """
"""
import keystoneclient.v2_0.client as ksclient
import keystoneclient.v3.client as ksclient
from neutronclient.neutron import client as nclient
@ -258,7 +258,7 @@ class ManageNeutron(object):
self.keystone = ksclient.Client(insecure=insecure,
username=openrc['OS_USERNAME'],
password=openrc['OS_PASSWORD'],
tenant_name=openrc['OS_TENANT_NAME'],
project_name=openrc['OS_PROJECT_NAME'],
auth_url=openrc['OS_AUTH_URL'])
def _init_neutron(self):


@ -10,9 +10,21 @@ export NOVA_ENDPOINT_TYPE={{ openrc_nova_endpoint_type }}
export OS_ENDPOINT_TYPE={{ openrc_os_endpoint_type }}
export OS_USERNAME={{ openrc_os_username }}
export OS_PASSWORD={{ openrc_os_password }}
export OS_PROJECT_NAME={{ openrc_os_tenant_name }}
# NOTE(sigmavirus24): The tenant name setting should be removed when
# python-cinderclient stops checking for it and failing if it doesn't exist.
export OS_TENANT_NAME={{ openrc_os_tenant_name }}
export OS_AUTH_URL={{ openrc_os_auth_url }}
export OS_NO_CACHE=1
export OS_USER_DOMAIN_NAME={{ openrc_os_domain_name }}
export OS_PROJECT_DOMAIN_NAME={{ openrc_os_domain_name }}
# For openstackclient
{% if openrc_os_auth_url.endswith('v3') %}
export OS_IDENTITY_API_VERSION=3
{% else %}
export OS_IDENTITY_API_VERSION=2
{% endif %}
{% if openrc_insecure | bool %}
# Convenience Aliases for Self-Signed Certs
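Review bot: The `openrc_os_auth_url.endswith('v3')` test selects `OS_IDENTITY_API_VERSION=2` for a v3 URL that is written with a trailing slash (`.../v3/`), so openstackclient would be told to use the v2 identity API against a v3 endpoint. Normalising first avoids that: `{% if openrc_os_auth_url.rstrip('/').endswith('v3') %}`. Separately, the new `OS_PROJECT_NAME`, `OS_USER_DOMAIN_NAME` and `OS_PROJECT_DOMAIN_NAME` exports are unquoted like the existing ones, so a project or domain name containing a space or shell metacharacter would be misparsed when the file is sourced; quoting the rendered values would be safer. The `openrc_insecure` block continues past the end of the hunk.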


@ -73,9 +73,13 @@
region_name: "{{ service_region }}"
service_name: "{{ service_name }}"
service_type: "{{ service_type }}"
publicurl: "{{ service_publicurl }}"
adminurl: "{{ service_internalurl }}"
internalurl: "{{ service_adminurl }}"
endpoint_list:
- url: "{{ service_publicurl }}"
interface: "public"
- url: "{{ service_adminurl }}"
interface: "admin"
- url: "{{ service_internalurl }}"
interface: "internal"
register: add_service
until: add_service|success
retries: 5


@ -79,10 +79,14 @@
region_name: "{{ service_region }}"
service_name: "{{ service_name }}"
service_type: "{{ service_type }}"
publicurl: "{{ service_publicurl }}"
adminurl: "{{ service_internalurl }}"
internalurl: "{{ service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ service_publicurl }}"
interface: "public"
- url: "{{ service_internalurl }}"
interface: "internal"
- url: "{{ service_adminurl }}"
interface: "admin"
register: add_service
until: add_service|success
retries: 5


@ -79,10 +79,14 @@
region_name: "{{ glance_service_region }}"
service_name: "{{ glance_service_name }}"
service_type: "{{ glance_service_type }}"
publicurl: "{{ glance_service_publicurl }}"
adminurl: "{{ glance_service_internalurl }}"
internalurl: "{{ glance_service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ glance_service_publicurl }}"
interface: "public"
- url: "{{ glance_service_internalurl }}"
interface: "internal"
- url: "{{ glance_service_adminurl }}"
interface: "admin"
register: add_service
until: add_service|success
retries: 5


@ -79,10 +79,14 @@
region_name: "{{ service_region }}"
service_name: "{{ service_name }}"
service_type: "{{ service_type }}"
publicurl: "{{ service_publicurl }}"
internalurl: "{{ service_internalurl }}"
adminurl: "{{ service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ service_publicurl }}"
interface: "public"
- url: "{{ service_internalurl }}"
interface: "internal"
- url: "{{ service_adminurl }}"
interface: "admin"
register: add_service
until: add_service|success
retries: 5


@ -102,18 +102,20 @@ keystone_service_user_name: keystone
keystone_service_tenant_name: service
keystone_service_publicuri: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
keystone_service_publicurl: "{{ keystone_service_publicuri }}/v2.0"
keystone_service_internaluri: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v2.0"
keystone_service_adminuri: "{{ keystone_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v2.0"
keystone_service_publicuri_v3: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
keystone_service_publicurl_v3: "{{ keystone_service_publicuri_v3 }}/v3"
keystone_service_internaluri_v3: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
keystone_service_internalurl_v3: "{{ keystone_service_internaluri_v3 }}/v3"
keystone_service_adminuri_v3: "{{ keystone_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
keystone_service_adminurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
keystone_service_publicurl_v2: "{{ keystone_service_publicuri }}/v2.0"
keystone_service_internalurl_v2: "{{ keystone_service_internaluri }}/v2.0"
keystone_service_adminurl_v2: "{{ keystone_service_adminuri }}/v2.0"
keystone_service_publicurl_v3: "{{ keystone_service_publicuri }}/v3"
keystone_service_internalurl_v3: "{{ keystone_service_internaluri }}/v3"
keystone_service_adminurl_v3: "{{ keystone_service_adminuri }}/v3"
keystone_service_publicurl: "{{ keystone_service_publicurl_v3 }}"
keystone_service_internalurl: "{{ keystone_service_internalurl_v3 }}"
keystone_service_adminurl: "{{ keystone_service_adminurl_v3 }}"
## Set this value to override the "public_endpoint" keystone.conf variable
#keystone_public_endpoint:


@ -194,10 +194,14 @@
region_name: "{{ keystone_service_region }}"
service_name: "{{ keystone_service_name }}"
service_type: "{{ keystone_service_type }}"
publicurl: "{{ keystone_service_publicurl }}"
adminurl: "{{ keystone_service_adminurl }}"
internalurl: "{{ keystone_service_internalurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ keystone_service_publicurl }}"
interface: "public"
- url: "{{ keystone_service_adminurl_v3 }}"
interface: "admin"
- url: "{{ keystone_service_internalurl }}"
interface: "internal"
register: add_service
until: add_service|success
retries: 5
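Review bot: The admin entry in `endpoint_list` uses `keystone_service_adminurl_v3` while the public and internal entries use the unversioned `keystone_service_publicurl` and `keystone_service_internalurl` aliases. With the role defaults in this commit all three resolve to `/v3`, but an operator who overrides the aliases (for example back to the `_v2` values) ends up with a catalog whose admin interface is v3 and whose other two interfaces are not. Use one naming for all three entries, either `url: "{{ keystone_service_adminurl }}"` or the `_v3` variables throughout.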


@ -79,10 +79,14 @@
region_name: "{{ service_region }}"
service_name: "{{ service_name }}"
service_type: "{{ service_type }}"
publicurl: "{{ service_publicurl }}"
adminurl: "{{ service_internalurl }}"
internalurl: "{{ service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ service_publicurl }}"
interface: "public"
- url: "{{ service_internalurl }}"
interface: "internal"
- url: "{{ service_adminurl }}"
interface: "admin"
register: add_service
until: add_service|success
retries: 5


@ -79,10 +79,14 @@
region_name: "{{ service_region }}"
service_name: "{{ service_name }}"
service_type: "{{ service_type }}"
publicurl: "{{ service_publicurl }}"
adminurl: "{{ service_internalurl }}"
internalurl: "{{ service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ service_publicurl }}"
interface: "public"
- url: "{{ service_internalurl }}"
interface: "internal"
- url: "{{ service_adminurl }}"
interface: "admin"
register: add_service
until: add_service|success
retries: 5


@ -139,11 +139,17 @@ port = {{ glance_service_port }}
[neutron]
url = {{ neutron_service_adminurl }}
region_name = {{ neutron_service_region }}
auth_plugin = password
auth_strategy = keystone
admin_auth_url = {{ keystone_service_adminurl }}
admin_password = {{ neutron_service_password }}
admin_username = {{ neutron_service_user_name }}
admin_tenant_name = {{ neutron_service_project_name }}
# Keystone client plugin password option
password = {{ neutron_service_password }}
# Keystone client plugin username option
username = {{ neutron_service_user_name }}
project_name = {{ neutron_service_project_name }}
user_domain_name = {{ neutron_service_domain_name |default("Default") }}
project_domain_name = {{ neutron_service_domain_name |default("Default") }}
# Keystone client plugin authentication URL option
auth_url = {{ keystone_service_adminurl }}
metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
service_metadata_proxy = {{ nova_metadata_proxy_enabled }}


@ -163,10 +163,14 @@
region_name: "{{ swift_service_region }}"
service_name: "{{ swift_service_name }}"
service_type: "{{ swift_service_type }}"
publicurl: "{{ swift_service_publicurl }}"
adminurl: "{{ swift_service_internalurl }}"
internalurl: "{{ swift_service_adminurl }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ swift_service_publicurl }}"
interface: "public"
- url: "{{ swift_service_internalurl }}"
interface: "internal"
- url: "{{ swift_service_adminurl }}"
interface: "admin"
register: add_service
until: add_service|success
retries: 5


@ -110,7 +110,7 @@ admin_tenant_id = {{ tempest_admin_tenant_id }}
alt_tenant_name = alt_demo
alt_password = alt_demo
alt_username = alt_demo
auth_version = v2
auth_version = v3
catalog_type = identity
disable_ssl_certificate_validation = {{ keystone_service_internaluri_insecure | bool }}
endpoint_type = internalURL
@ -123,7 +123,7 @@ username = demo
[identity-feature-enabled]
api_v2 = true
api_v3 = false
api_v3 = true
trust = false