Simplify identity endpoint

Per the Keystone Install Guide[1] the admin endpoint is superseded in favor of a single public endpoint. As a result, the admin endpoint is no longer deployed by default. [1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components Change-Id: I1adb3066c83aaffe8b22f2f2553f634483371974 Implements: blueprint simplify-identity-endpoint
2018-06-12 21:55:40 -07:00 · 2018-06-12 21:55:40 -07:00 · b87d8b8cf8
parent 59112747e8
commit b87d8b8cf8
5 changed files with 9 additions and 13 deletions
--- a/attributes/default.rb
+++ b/attributes/default.rb
@ -24,6 +24,7 @@
  default['openstack']['endpoints'][ep_type]['dns-api']['host'] = '127.0.0.1'
  default['openstack']['endpoints'][ep_type]['dns-api']['scheme'] = 'http'
  default['openstack']['endpoints'][ep_type]['dns-api']['port'] = 9001
+  default['openstack']['endpoints'][ep_type]['dns-api']['path'] = '/v2'
 end
 default['openstack']['bind_service']['all']['dns-api']['host'] = '127.0.0.1'
 default['openstack']['bind_service']['all']['dns-api']['port'] = 9001
--- a/recipes/common.rb
+++ b/recipes/common.rb
@ -67,19 +67,16 @@ end
 db_user = node['openstack']['db']['dns']['username']
 db_pass = get_password 'db', 'designate'

-public_identity_endpoint = identity_uri_transform(public_endpoint('identity'))
-identity_endpoint = internal_endpoint 'identity'
-
 bind_services = node['openstack']['bind_service']['all']
 api_bind = bind_services['dns-api']

-auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version']
+identity_endpoint = public_endpoint 'identity'
+auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['api']['auth']['version']

 # define attributes that are needed in designate.conf
 node.default['openstack']['dns']['conf'].tap do |conf|
  conf['service:api']['api_host'] = bind_address api_bind
  conf['service:api']['api_port'] = api_bind['port']
-  conf['keystone_authtoken']['auth_uri'] = public_identity_endpoint
  conf['keystone_authtoken']['auth_url'] = auth_url
 end

--- a/recipes/dashboard.rb
+++ b/recipes/dashboard.rb
@ -18,7 +18,7 @@
 # limitations under the License.
 #

-class ::Chef::Recipe # rubocop:disable Documentation
+class ::Chef::Recipe
  include ::Openstack
 end

--- a/recipes/identity_registration.rb
+++ b/recipes/identity_registration.rb
@ -24,9 +24,8 @@ class ::Chef::Recipe
  include ::Openstack
 end

-identity_admin_endpoint = admin_endpoint 'identity'
-
-auth_url = ::URI.decode identity_admin_endpoint.to_s
+identity_endpoint = public_endpoint 'identity'
+auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['api']['auth']['version']

 internal_designate_endpoint = internal_endpoint 'dns-api'
 public_designate_endpoint = public_endpoint 'dns-api'
--- a/recipes/neutron_int.rb
+++ b/recipes/neutron_int.rb
@ -23,11 +23,10 @@ class ::Chef::Recipe
 end

 dns_endpoint = internal_endpoint 'dns-api'
-# TODO(jh): Make this more intelligent
-dns_url = dns_endpoint.to_s + '/v2'
+dns_url = dns_endpoint.to_s + node['openstack']['endpoints']['internal']['dns-api']['path']

-identity_endpoint = internal_endpoint 'identity'
-auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version']
+identity_endpoint = public_endpoint 'identity'
+auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['api']['auth']['version']

 node.default['openstack']['network']['conf'].tap do |conf|
  conf['DEFAULT']['external_dns_driver'] = 'designate'