Merge "post-2023.1: Remove keystone admin endpoint bits" into stable/2023.2
This commit is contained in:
commit
b19715f8fb
|
@ -195,18 +195,15 @@ keystone_enabled_notification_topics: "{{ keystone_notification_topics | selecta
|
||||||
# Keystone
|
# Keystone
|
||||||
####################
|
####################
|
||||||
keystone_service_endpoints:
|
keystone_service_endpoints:
|
||||||
|
- {'interface': 'admin', 'url': '{{ keystone_internal_url }}', 'state': 'absent'}
|
||||||
- {'interface': 'internal', 'url': '{{ keystone_internal_url }}'}
|
- {'interface': 'internal', 'url': '{{ keystone_internal_url }}'}
|
||||||
- {'interface': 'public', 'url': '{{ keystone_public_url }}'}
|
- {'interface': 'public', 'url': '{{ keystone_public_url }}'}
|
||||||
|
|
||||||
# TODO(yoctozepto): Remove admin_endpoint leftovers in Antelope (2023.1).
|
|
||||||
keystone_service_admin_endpoint: {'interface': 'admin', 'url': '{{ keystone_internal_url }}'}
|
|
||||||
keystone_create_admin_endpoint: false
|
|
||||||
|
|
||||||
keystone_ks_services:
|
keystone_ks_services:
|
||||||
- name: "keystone"
|
- name: "keystone"
|
||||||
type: "identity"
|
type: "identity"
|
||||||
description: "Openstack Identity Service"
|
description: "Openstack Identity Service"
|
||||||
endpoints: "{{ keystone_service_endpoints + ([keystone_service_admin_endpoint] if kolla_action == 'upgrade' or keystone_create_admin_endpoint | bool else []) }}"
|
endpoints: "{{ keystone_service_endpoints }}"
|
||||||
|
|
||||||
keystone_ks_roles:
|
keystone_ks_roles:
|
||||||
- service
|
- service
|
||||||
|
|
|
@ -56,3 +56,11 @@
|
||||||
run_once: True
|
run_once: True
|
||||||
when:
|
when:
|
||||||
- not use_preconfigured_databases | bool
|
- not use_preconfigured_databases | bool
|
||||||
|
|
||||||
|
# NOTE(mgoddard): Remove the admin endpoint.
|
||||||
|
- import_role:
|
||||||
|
name: service-ks-register
|
||||||
|
vars:
|
||||||
|
service_ks_register_auth: "{{ openstack_keystone_auth }}"
|
||||||
|
service_ks_register_services: "{{ keystone_ks_services }}"
|
||||||
|
run_once: True
|
||||||
|
|
|
@ -15,6 +15,7 @@ service_ks_register_domain: "default"
|
||||||
# fields:
|
# fields:
|
||||||
# 'url'
|
# 'url'
|
||||||
# 'interface'
|
# 'interface'
|
||||||
|
# 'state' (optional)
|
||||||
service_ks_register_services: []
|
service_ks_register_services: []
|
||||||
# A list of users and associated roles for this service to register with
|
# A list of users and associated roles for this service to register with
|
||||||
# Keystone. Each item should provide the following fields:
|
# Keystone. Each item should provide the following fields:
|
||||||
|
|
|
@ -34,6 +34,7 @@
|
||||||
auth: "{{ service_ks_register_auth }}"
|
auth: "{{ service_ks_register_auth }}"
|
||||||
interface: "{{ service_ks_register_interface }}"
|
interface: "{{ service_ks_register_interface }}"
|
||||||
cacert: "{{ service_ks_cacert }}"
|
cacert: "{{ service_ks_cacert }}"
|
||||||
|
state: "{{ item.1.state | default(omit) }}"
|
||||||
with_subelements:
|
with_subelements:
|
||||||
- "{{ service_ks_register_services }}"
|
- "{{ service_ks_register_services }}"
|
||||||
- endpoints
|
- endpoints
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Fixes an issue where the Keystone admin endpoint would be recreated when
|
||||||
|
upgrading Keystone. The endpoint is now explicitly removed during the
|
||||||
|
upgrade process.
|
|
@ -407,12 +407,22 @@ function test_instance_boot {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function test_keystone_admin_endpoint {
|
||||||
|
echo "TESTING: Keystone admin endpoint removal"
|
||||||
|
if [[ $(openstack endpoint list --service keystone --interface admin -f value | wc -l) -ne 0 ]]; then
|
||||||
|
echo "ERROR: Found Keystone admin endpoint"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo "SUCCESS: Keystone admin endpoint removal"
|
||||||
|
}
|
||||||
|
|
||||||
function test_openstack_logged {
|
function test_openstack_logged {
|
||||||
. /etc/kolla/admin-openrc.sh
|
. /etc/kolla/admin-openrc.sh
|
||||||
. ~/openstackclient-venv/bin/activate
|
. ~/openstackclient-venv/bin/activate
|
||||||
test_smoke
|
test_smoke
|
||||||
test_neutron_modules
|
test_neutron_modules
|
||||||
test_instance_boot
|
test_instance_boot
|
||||||
|
test_keystone_admin_endpoint
|
||||||
|
|
||||||
# Check for x86_64 architecture to run q35 tests
|
# Check for x86_64 architecture to run q35 tests
|
||||||
if [[ $(uname -m) == "x86_64" ]]; then
|
if [[ $(uname -m) == "x86_64" ]]; then
|
||||||
|
|
Loading…
Reference in New Issue