Set Keystone endpoints to be v3 by default

This patch sets the admin, internal and public endpoints for Keystone all to be v3 instead of the current mix of v2 for the internal/public endpoints and v3 for the admin endpoint. Existing deployments will have v3 endpoints added if they don't already exist. The removal of v2 endpoints is left to the deployer to do. DocImpact UpgradeImpact Implements: blueprint liberty-release Change-Id: I21b600b1bfb82edd9fba900ce6a9655f9addf9ed Closes-Bug: #1477682
2015-07-23 18:23:57 +01:00 · 2015-07-23 18:23:57 +01:00 · f1cfe72de4
commit f1cfe72de4
parent 546a1cce42
5 changed files with 16 additions and 19 deletions
--- a/playbooks/inventory/group_vars/hosts.yml
+++ b/playbooks/inventory/group_vars/hosts.yml
@ -163,24 +163,21 @@ keystone_service_internaluri_proto: "{{ openstack_service_internaluri_proto | de
 keystone_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(keystone_service_proto) }}"
 keystone_service_user_name: keystone
 keystone_service_tenant_name: service
+keystone_service_region: "{{ service_region }}"
+
+keystone_service_internaluri_insecure: false
+keystone_service_adminuri_insecure: false
+
 keystone_service_publicuri: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
-keystone_service_publicurl: "{{ keystone_service_publicuri }}/v2.0"
 keystone_service_internaluri: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
-keystone_service_internalurl: "{{ keystone_service_internaluri }}/v2.0"
 keystone_service_adminuri: "{{ keystone_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
-keystone_service_adminurl: "{{ keystone_service_adminuri }}/v2.0"
-keystone_service_publicuri_v3: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
-keystone_service_publicurl_v3: "{{ keystone_service_publicuri_v3 }}/v3"
-keystone_service_internaluri_v3: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
-keystone_service_internalurl_v3: "{{ keystone_service_internaluri_v3 }}/v3"
-keystone_service_adminuri_v3: "{{ keystone_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
-keystone_service_adminurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
-keystone_service_adminurl: "{{ keystone_service_adminurl_v3 }}"
+
+keystone_service_publicurl: "{{ keystone_service_publicuri }}/v3"
+keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
+keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
+
 keystone_cache_backend_argument: "url:{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}:{{ memcached_port }}"
 keystone_memcached_servers: "{% for host in groups['keystone_all'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
-keystone_service_region: "{{ service_region }}"
-keystone_service_adminuri_insecure: false
-keystone_service_internaluri_insecure: false


 ## Horizon
@ -214,7 +211,7 @@ cinder_service_region: "{{ service_region }}"


 ## OpenStack Openrc
-openrc_os_auth_url: "{{ keystone_service_internalurl_v3 }}"
+openrc_os_auth_url: "{{ keystone_service_internalurl }}"
 openrc_os_password: "{{ keystone_auth_admin_password }}"
 openrc_os_domain_name: "Default"

--- a/playbooks/roles/os_glance/defaults/main.yml
+++ b/playbooks/roles/os_glance/defaults/main.yml
@ -97,7 +97,7 @@ glance_service_adminuri: "{{ glance_service_adminuri_proto }}://{{ internal_lb_v
 glance_service_adminurl: "{{ glance_service_adminuri }}"

 ## Swift Options
-glance_swift_store_auth_address: "{{ keystone_service_internalurl_v3 }}"
+glance_swift_store_auth_address: "{{ keystone_service_internalurl }}"
 glance_swift_store_auth_version: 3
 glance_swift_store_user_domain: default
 glance_swift_store_project_domain: default
--- a/playbooks/roles/os_heat/tasks/heat_domain_setup.yml
+++ b/playbooks/roles/os_heat/tasks/heat_domain_setup.yml
@ -59,7 +59,7 @@
    . {{ ansible_env.HOME }}/openrc
    {{ heat_bin }}/openstack \
              --os-identity-api-version=3 \
-              --os-auth-url={{ keystone_service_adminurl_v3 }} \
+              --os-auth-url={{ keystone_service_adminurl }} \
              --os-project-name={{ heat_project_name }} \
              --os-project-domain-name={{ heat_project_domain_name }} \
              --os-user-domain-name={{ heat_user_domain_name }} \
@ -83,7 +83,7 @@
    . {{ ansible_env.HOME }}/openrc
    {{ heat_bin }}/openstack \
              --os-identity-api-version=3 \
-              --os-auth-url={{ keystone_service_adminurl_v3 }} \
+              --os-auth-url={{ keystone_service_adminurl }} \
              --os-project-name={{ heat_project_name }} \
              --os-project-domain-name={{ heat_project_domain_name }} \
              --os-user-domain-name={{ heat_user_domain_name }} \
--- a/playbooks/roles/os_keystone/tasks/keystone_service_setup.yml
+++ b/playbooks/roles/os_keystone/tasks/keystone_service_setup.yml
@ -214,7 +214,7 @@
    endpoint_list:
      - url: "{{ keystone_service_publicurl }}"
        interface: "public"
-      - url: "{{ keystone_service_adminurl_v3 }}"
+      - url: "{{ keystone_service_adminurl }}"
        interface: "admin"
      - url: "{{ keystone_service_internalurl }}"
        interface: "internal"
--- a/playbooks/roles/os_tempest/templates/tempest.conf.j2
+++ b/playbooks/roles/os_tempest/templates/tempest.conf.j2
@ -81,7 +81,7 @@ dashboard_url = {{ tempest_dashboard_url }}
 [identity]
 disable_ssl_certificate_validation = {{ keystone_service_internaluri_insecure | bool }}
 uri = {{ keystone_service_internalurl }}
-uri_v3 = {{ keystone_service_internalurl_v3 }}
+uri_v3 = {{ keystone_service_internalurl }}
 auth_version = v3
 v2_public_endpoint_type = internalURL
 endpoint_type = internalURL