openstack
/
charm-octavia
Code Issues Proposed changes

Update octavia.conf auth config for bobcat 

As noticed in bobcat testing, the [service_auth] section requires
more configuration than it did in the past. Additionally, as noted
in I686cfdef78de927fa4bc1921c15e8d5853fd2ef9, Octavia will no longer
take the authentication settings for Neutron from the [service_auth]
as a fallback. It will instead require them to be in the [neutron]
section. However, [service_auth] settings will still be used for
other services like Nova and Glance.

This change adds auth config options to the [service_auth] and
[neutron] sections, moves the auth_section config option to the
[keystone_authtoken] section, and sets the auth_section config
option to point to the [service_auth] section.

Closes-Bug: #2043095
Related-Bug: #2043129
Change-Id: I290f543827d63bb685209d615c9f448c2ff9d31e
This commit is contained in:
Corey Bryant 2023-11-09 11:00:01 -05:00
parent d91db5f6fe
commit f76d066df5
1 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
src/templates/bobcat/octavia.conf
View File

@ -112,10 +112,32 @@ active_connection_retry_interval = {{ options.active_connection_retry_interval }
{% include "parts/section-database" %}
{% if identity_service.auth_host -%}
[service_auth]
auth_url = {{ identity_service.auth_protocol }}://{{ identity_service.auth_host }}:{{ identity_service.auth_port }}
auth_type = password
{% if identity_service.service_domain -%}
project_domain_name = {{ identity_service.service_domain }}
user_domain_name = {{ identity_service.service_domain }}
{% else %}
project_domain_name = default
user_domain_name = default
{% endif -%}
project_name = {{ identity_service.service_tenant }}
username = {{ identity_service.service_username }}
password = {{ identity_service.service_password }}
{% if options.use_memcache == true -%}
memcached_servers = {{ options.memcache_url }}
{% endif -%}
{% endif %}
{% include "parts/section-keystone-authtoken" %}
{% if options.use_internal_endpoints -%}
endpoint_type = internalURL
{%- endif %}
{% if identity_service.auth_host -%}
auth_section = service_auth
{%- endif %}
[oslo_messaging]
topic = octavia
@ -162,7 +184,23 @@ region_name = {{ options.region }}
{% if options.use_internal_endpoints -%}
endpoint_type = internalURL
{%- endif %}
auth_section = keystone_authtoken
{% if identity_service.auth_host -%}
auth_url = {{ identity_service.auth_protocol }}://{{ identity_service.auth_host }}:{{ identity_service.auth_port }}
auth_type = password
{% if identity_service.service_domain -%}
project_domain_name = {{ identity_service.service_domain }}
user_domain_name = {{ identity_service.service_domain }}
{% else %}
project_domain_name = default
user_domain_name = default
{% endif -%}
project_name = {{ identity_service.service_tenant }}
username = {{ identity_service.service_username }}
password = {{ identity_service.service_password }}
{% if options.use_memcache == true -%}
memcached_servers = {{ options.memcache_url }}
{% endif -%}
{% endif %}
{% include "parts/section-oslo-messaging-rabbit" %}