From f1cfe72de4247c6f498943c191b32bdfca957727 Mon Sep 17 00:00:00 2001 From: Jesse Pretorius Date: Thu, 23 Jul 2015 18:23:57 +0100 Subject: [PATCH] Set Keystone endpoints to be v3 by default This patch sets the admin, internal and public endpoints for Keystone all to be v3 instead of the current mix of v2 for the internal/public endpoints and v3 for the admin endpoint. Existing deployments will have v3 endpoints added if they don't already exist. The removal of v2 endpoints is left to the deployer to do. DocImpact UpgradeImpact Implements: blueprint liberty-release Change-Id: I21b600b1bfb82edd9fba900ce6a9655f9addf9ed Closes-Bug: #1477682
---
 playbooks/inventory/group_vars/hosts.yml | 25 ++++++++-----------
 playbooks/roles/os_glance/defaults/main.yml | 2 +-
 .../roles/os_heat/tasks/heat_domain_setup.yml | 4 +--
 .../tasks/keystone_service_setup.yml | 2 +-
 .../os_tempest/templates/tempest.conf.j2 | 2 +-
 5 files changed, 16 insertions(+), 19 deletions(-)
diff --git a/playbooks/inventory/group_vars/hosts.yml b/playbooks/inventory/group_vars/hosts.yml
index f35b024603..ee38d1b656 100644
--- a/playbooks/inventory/group_vars/hosts.yml
+++ b/playbooks/inventory/group_vars/hosts.yml
@@ -163,24 +163,21 @@ keystone_service_internaluri_proto: "{{ openstack_service_internaluri_proto | de
 keystone_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(keystone_service_proto) }}"
 keystone_service_user_name: keystone
 keystone_service_tenant_name: service
+keystone_service_region: "{{ service_region }}"
+
+keystone_service_internaluri_insecure: false
+keystone_service_adminuri_insecure: false
+
 keystone_service_publicuri: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
-keystone_service_publicurl: "{{ keystone_service_publicuri }}/v2.0"
 keystone_service_internaluri: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
-keystone_service_internalurl: "{{ keystone_service_internaluri }}/v2.0"
 keystone_service_adminuri: "{{ keystone_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
-keystone_service_adminurl: "{{ keystone_service_adminuri }}/v2.0"
-keystone_service_publicuri_v3: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
-keystone_service_publicurl_v3: "{{ keystone_service_publicuri_v3 }}/v3"
-keystone_service_internaluri_v3: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
-keystone_service_internalurl_v3: "{{ keystone_service_internaluri_v3 }}/v3"
-keystone_service_adminuri_v3: "{{ keystone_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
-keystone_service_adminurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
-keystone_service_adminurl: "{{ keystone_service_adminurl_v3 }}"
+
+keystone_service_publicurl: "{{ keystone_service_publicuri }}/v3"
+keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
+keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
+
 keystone_cache_backend_argument: "url:{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}:{{ memcached_port }}"
 keystone_memcached_servers: "{% for host in groups['keystone_all'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
-keystone_service_region: "{{ service_region }}"
-keystone_service_adminuri_insecure: false
-keystone_service_internaluri_insecure: false
 ## Horizon
@@ -214,7 +211,7 @@ cinder_service_region: "{{ service_region }}"
 ## OpenStack Openrc
-openrc_os_auth_url: "{{ keystone_service_internalurl_v3 }}"
+openrc_os_auth_url: "{{ keystone_service_internalurl }}"
 openrc_os_password: "{{ keystone_auth_admin_password }}"
 openrc_os_domain_name: "Default"
diff --git a/playbooks/roles/os_glance/defaults/main.yml b/playbooks/roles/os_glance/defaults/main.yml
index 69f46e653a..40db4d2a48 100644
--- a/playbooks/roles/os_glance/defaults/main.yml
+++ b/playbooks/roles/os_glance/defaults/main.yml
@@ -97,7 +97,7 @@ glance_service_adminuri: "{{ glance_service_adminuri_proto }}://{{ internal_lb_v
 glance_service_adminurl: "{{ glance_service_adminuri }}"
 ## Swift Options
-glance_swift_store_auth_address: "{{ keystone_service_internalurl_v3 }}"
+glance_swift_store_auth_address: "{{ keystone_service_internalurl }}"
 glance_swift_store_auth_version: 3
 glance_swift_store_user_domain: default
 glance_swift_store_project_domain: default
diff --git a/playbooks/roles/os_heat/tasks/heat_domain_setup.yml b/playbooks/roles/os_heat/tasks/heat_domain_setup.yml
index 2bff2d57cd..4c9b5eab1b 100644
--- a/playbooks/roles/os_heat/tasks/heat_domain_setup.yml
+++ b/playbooks/roles/os_heat/tasks/heat_domain_setup.yml
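Review bot: The first hosts.yml hunk deletes all six `keystone_service_*_v3` variables without leaving aliases, so a deployer override or out-of-tree role that still references, for example, `keystone_service_internalurl_v3` will fail on an undefined variable after upgrade. In the same hunk `keystone_service_publicurl` and `keystone_service_internalurl` change from `/v2.0` to `/v3` for every consumer this patch does not touch. Keeping deprecated aliases for one release would make the upgrade safe, e.g. `keystone_service_internalurl_v3: "{{ keystone_service_internalurl }}"` and the same for the public and admin URLs. Because these URLs are where services send credentials, the relocated `keystone_service_internaluri_insecure` and `keystone_service_adminuri_insecure` defaults also deserve a comment such as `# true appears to disable TLS certificate validation for clients of this endpoint (tempest.conf.j2 maps it to disable_ssl_certificate_validation); keep false outside test environments`.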
@@ -59,7 +59,7 @@
 . {{ ansible_env.HOME }}/openrc
 {{ heat_bin }}/openstack \
 --os-identity-api-version=3 \
- --os-auth-url={{ keystone_service_adminurl_v3 }} \
+ --os-auth-url={{ keystone_service_adminurl }} \
 --os-project-name={{ heat_project_name }} \
 --os-project-domain-name={{ heat_project_domain_name }} \
 --os-user-domain-name={{ heat_user_domain_name }} \
@@ -83,7 +83,7 @@
 . {{ ansible_env.HOME }}/openrc
 {{ heat_bin }}/openstack \
 --os-identity-api-version=3 \
- --os-auth-url={{ keystone_service_adminurl_v3 }} \
+ --os-auth-url={{ keystone_service_adminurl }} \
 --os-project-name={{ heat_project_name }} \
 --os-project-domain-name={{ heat_project_domain_name }} \
 --os-user-domain-name={{ heat_user_domain_name }} \
diff --git a/playbooks/roles/os_keystone/tasks/keystone_service_setup.yml b/playbooks/roles/os_keystone/tasks/keystone_service_setup.yml
index 9fb4cf58b3..d4faa89ad5 100644
--- a/playbooks/roles/os_keystone/tasks/keystone_service_setup.yml
+++ b/playbooks/roles/os_keystone/tasks/keystone_service_setup.yml
@@ -214,7 +214,7 @@
 endpoint_list:
 - url: "{{ keystone_service_publicurl }}"
 interface: "public"
- - url: "{{ keystone_service_adminurl_v3 }}"
+ - url: "{{ keystone_service_adminurl }}"
 interface: "admin"
 - url: "{{ keystone_service_internalurl }}"
 interface: "internal"
diff --git a/playbooks/roles/os_tempest/templates/tempest.conf.j2 b/playbooks/roles/os_tempest/templates/tempest.conf.j2
index 753cbb13e7..7628d2cbad 100644
--- a/playbooks/roles/os_tempest/templates/tempest.conf.j2
+++ b/playbooks/roles/os_tempest/templates/tempest.conf.j2
@@ -81,7 +81,7 @@ dashboard_url = {{ tempest_dashboard_url }}
 [identity]
 disable_ssl_certificate_validation = {{ keystone_service_internaluri_insecure | bool }}
 uri = {{ keystone_service_internalurl }}
-uri_v3 = {{ keystone_service_internalurl_v3 }}
+uri_v3 = {{ keystone_service_internalurl }}
 auth_version = v3
 v2_public_endpoint_type = internalURL
 endpoint_type = internalURL
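Review bot: The unchanged `uri = {{ keystone_service_internalurl }}` line in the tempest.conf.j2 hunk now renders to the `/v3` URL, because this commit redefines `keystone_service_internalurl` in hosts.yml, so `uri` and `uri_v3` become identical. Tempest treats `uri` as the v2 identity endpoint, and the section still sets `v2_public_endpoint_type`, so any test that uses the v2 identity client would likely be pointed at a v3 path. If the v2.0 API is still meant to be exercised, build the value from the base URI, `uri = {{ keystone_service_internaluri }}/v2.0`; otherwise add a template comment saying that v2 identity tests are expected to be disabled. The `[identity]` section continues outside the hunk.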