Optimizing monasca role.

- Making role more compatible with keystone v3 - Replacing variable names with more OSA aligned styling Change-Id: I5b7230301faedfdfa63f12e51ccadcc16c26639a
2016-11-04 12:15:33 +02:00 · 2016-11-04 12:15:33 +02:00 · 57eefc0f84
parent 86b05c62fe
commit 57eefc0f84
13 changed files with 168 additions and 201 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -17,52 +17,51 @@
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
 monasca_package_state: "latest"
 monasca_pip_package_state: "latest"
-debug: false

-## System info
+debug: False
+
 monasca_system_user_name: monasca
 monasca_system_group_name: monasca
+monasca_system_comment: Monasca system user
 monasca_system_user_shell: /bin/false
-monasca_system_comment: monasca system user
 monasca_system_user_home: "/var/lib/{{ monasca_system_user_name }}"
 monasca_bin: "/openstack/venvs/monasca-{{ monasca_venv_tag }}/bin"
 monasca_log_directory: "/var/log/monasca"
 monasca_conf_directory: "/etc/monasca"

+monasca_service_name: monasca
+monasca_service_user_name: monasca
+monasca_readonly_user_name: monasca-read-only
+monasca_service_type: monitoring
+monasca_service_description: "OpenStack Monitoring Service (Monasca)"
+monasca_service_project_name: service
+monasca_service_role_names:
+  - admin
 monasca_service_region: RegionOne
 monasca_service_host: "0.0.0.0"
-monasca_service_port: 8070
+monasca_bind_port: 8070
 monasca_service_publicuri_proto: http
-monasca_service_publicurl: "{{ monasca_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ monasca_service_port }}/v2.0"
+monasca_service_publicurl: "{{ monasca_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ monasca_bind_port }}/v2.0"
 monasca_service_internaluri_proto: http
-monasca_service_internalurl: "{{ monasca_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ monasca_service_port }}/v2.0"
+monasca_service_internalurl: "{{ monasca_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ monasca_bind_port }}/v2.0"
 monasca_service_adminuri_proto: http
-monasca_service_adminurl: "{{ monasca_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ monasca_service_port }}/v2.0"
-monasca_auth_url: "{{ keystone_service_internalurl }}"
-monasca_keystone_auth_plugin: password
-monasca_service_tenant_name: monasca
-monasca_service_project_name: monasca
-monasca_project_domain_name: default
-monasca_user_domain_name: default
+monasca_service_adminurl: "{{ monasca_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ monasca_bind_port }}/v2.0"

-monasca_service_description: "Monasca Monitoring Service"
-monasca_service_name: monasca
-monasca_service_type: monitoring
-monasca_admin_username: monasca-admin
-monasca_regular_username: monasca-user
-monasca_service_admin_role_names: admin
-monasca_backend_database: "influxdb"
+# Name of the virtual env to deploy into
+monasca_venv_tag: untagged
+monasca_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/monasca.tgz

-monasca_use_mod_wsgi: false
+monasca_bin: "/openstack/venvs/monasca-{{ monasca_venv_tag }}/bin"
+
+# Toggle developer mode
+monasca_developer_mode: false

-monasca_api_service_port: 8070
 monasca_api_git_repo: "https://git.openstack.org/openstack/monasca-api"
 monasca_api_git_install_branch: master
 monasca_api_requirements_git_repo: https://git.openstack.org/openstack/requirements
 monasca_api_requirements_git_install_branch: master
-monasca_api_metrics_driver: "monasca_api.common.repositories.influxdb.metrics_repository:MetricsRepository"

-monasca_log_api_service_port: 5607
+monasca_log_api_bind_port: 5607
 monasca_log_api_git_repo: "https://git.openstack.org/openstack/monasca-log-api"
 monasca_log_api_git_install_branch: master
 monasca_log_api_requirements_git_repo: https://git.openstack.org/openstack/requirements
@ -108,19 +107,25 @@ monasca_developer_constraints:
  - "git+{{ monasca_log_api_git_repo }}@{{ monasca_log_api_git_install_branch }}#egg=monasca-log-api"
  - "git+{{ monasca_ceilometer_git_repo }}@{{ monasca_ceilometer_git_install_branch }}#egg=monasca-ceilometer"
  - "git+{{ monasca_common_git_repo }}@{{ monasca_common_git_install_branch }}#egg=monasca-common"
+  - "git+{{ monasca_thresh_git_repo }}@{{ monasca_thresh_git_install_branch }}#egg=monasca-thresh"
  - "git+{{ monasca_transform_git_repo }}@{{ monasca_transform_git_install_branch }}#egg=monasca-transform"
  - "git+{{ monasca_notification_git_repo }}@{{ monasca_notification_git_install_branch }}#egg=monasca-notification"
  - "git+{{ monasca_persister_git_repo }}@{{ monasca_persister_git_install_branch }}#egg=monasca-persister"
  - "git+{{ monasca_python_client_git_repo }}@{{ monasca_python_client_git_install_branch }}#egg=python-monascaclient"

-# Name of the virtual env to deploy into
-monasca_venv_tag: untagged
-monasca_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/monasca.tgz
+# Keystone AuthToken/Middleware
+monasca_keystone_auth_plugin: password
+monasca_service_project_domain_name: Default
+monasca_service_user_domain_name: default

+# Grafana Galera
 monasca_grafana_galera_database: grafana
 monasca_grafana_galera_username: grafana

-pip_install_options: ""
+monasca_backend_database: "influxdb"
+monasca_use_mod_wsgi: false
+
+monasca_api_metrics_driver: "monasca_api.common.repositories.influxdb.metrics_repository:MetricsRepository"

 monasca_services:
  monasca-api:
@ -139,15 +144,15 @@ monasca_requires_pip_packages:
  - python-glanceclient
  - python-keystoneclient
  - python-monascaclient
-  - python-memcached
+  - pyyaml
  - virtualenv
  - virtualenv-tools

-# Common pip packages
 monasca_pip_packages:
  - keystoneauth1
  - simport
  - gunicorn
+  - python-memcached
  - monasca-common
  - monasca-api
  - monasca-log-api
@ -163,3 +168,9 @@ monasca_log_api_config_overrides: {}
 monasca_log_api_logging_overrides: {}
 monasca_notification_yml_overrides: {}
 monasca_persister_yml_overrides: {}
+
+# This variable is used by the repo_build process to determine
+# which host group to check for members of before building the
+# pip packages required by this role. The value is picked up
+# by the py_pkgs lookup.
+monasca_role_project_group: monasca_all
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -16,6 +16,10 @@
 # (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>

+- include: monasca_install_apt.yml
+  static: no
+  when: ansible_pkg_mgr == 'apt'
+
 - name: Create developer mode constraint file
  copy:
    dest: "/opt/developer-pip-constraints.txt"
@ -118,8 +122,7 @@
  retries: 5
  delay: 2
  when: monasca_developer_mode | bool
-  notify:
-    - Restart monasca services
+  notify: Restart monasca services

 - name: Update virtualenv path
  command: >
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -42,19 +42,19 @@

 - include: pre-install.yml
  tags:
-    - os_monasca
+    - monasca-install

 - include: install.yml
  tags:
-    - os_monasca
-
- include: configure.yml
-  tags:
-    - os_monasca
+    - monasca-install

 - include: post-install.yml
  tags:
-    - os_monasca
+    - monasca-config
+
+- include: monasca_init_common.yml
+  tags:
+    - monasca-install

 - include: monasca_service_setup.yml
  static: no
@ -62,9 +62,5 @@
  tags:
    - monasca-install

- include: monasca_init_common.yml
-  tags:
-    - os_monasca
-
 - name: Flush handlers
  meta: flush_handlers
--- a/tasks/monasca_install_apt.yml
+++ b/tasks/monasca_install_apt.yml
@ -1,17 +1,26 @@
 ---
-# Copyright 2016 Internet Solutions (Pty) Ltd
+# Copyright 2016, Walmart Stores, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#    http://www.apache.org/licenses/LICENSE-2.0
+#     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-#
-# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
-# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
+
+- name: Install apt packages for monasca
+  apt:
+    pkg: "{{ item }}"
+    state: "{{ monasca_package_state }}"
+    update_cache: yes
+    cache_valid_time: "{{ cache_timeout }}"
+  register: install_monasca_distro_packages
+  until: install_monasca_distro_packages |success
+  retries: 5
+  delay: 2
+  with_items: "{{ monasca_distro_packages }}"
--- a/tasks/monasca_service_setup.yml
+++ b/tasks/monasca_service_setup.yml
@ -15,26 +15,6 @@
 #
 # (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- name: Ensure the monasca tenant exists
-  keystone:
-    command: "ensure_tenant"
-    endpoint: "{{ keystone_service_adminurl }}"
-    login_user: "{{ keystone_admin_user_name }}"
-    login_password: "{{ keystone_auth_admin_password }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
-    tenant_name: "{{ monasca_service_tenant_name }}"
-    project_name: "{{ monasca_service_project_name }}"
-    description: "{{ monasca_service_description }}"
-  register: add_monasca_tenant
-  until: add_monasca_tenant |success
-  retries: 5
-  delay: 2
-  tags:
-    - monasca-api-setup
-    - monasca-service-add
-    - monasca-setup
-
 - name: Ensure the service for monasca exists
  keystone:
    command: "ensure_service"
@ -55,7 +35,7 @@
    - monasca-service-add
    - monasca-setup

- name: Ensure the monasca admin user exists
+- name: Ensure the monasca user exists
  keystone:
    command: "ensure_user"
    endpoint: "{{ keystone_service_adminurl }}"
@ -63,12 +43,11 @@
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
-    user_name: "{{ monasca_admin_username }}"
-    tenant_name: "{{ monasca_service_tenant_name }}"
-    password: "{{ monasca_admin_password }}"
-    project_name: "{{ monasca_service_project_name }}"
-  register: add_monasca_admin_user
-  until: add_monasca_admin_user |success
+    user_name: "{{ monasca_service_user_name }}"
+    tenant_name: "{{ monasca_service_project_name }}"
+    password: "{{ monasca_service_password | default('changeme') }}"
+  register: add_monasca_user
+  until: add_monasca_user |success
  retries: 5
  delay: 2
  tags:
@ -85,12 +64,11 @@
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
-    user_name: "{{ monasca_regular_username }}"
-    tenant_name: "{{ monasca_service_tenant_name }}"
-    password: "{{ monasca_regular_user_password }}"
-    project_name: "{{ monasca_service_project_name }}"
-  register: add_monasca_regular_user
-  until: add_monasca_regular_user |success
+    user_name: "{{ monasca_readonly_user_name }}"
+    tenant_name: "{{ monasca_service_project_name }}"
+    password: "{{ monasca_readonly_password }}"
+  register: add_monasca_readonly_user
+  until: add_monasca_readonly_user |success
  retries: 5
  delay: 2
  tags:
@ -99,23 +77,22 @@
    - monasca-user-add
    - monasca-setup

- name: Ensure the monasca admin user has the admin role
+- name: Ensure the monasca user has the admin role
  keystone:
    command: "ensure_user_role"
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
-    user_name: "{{ monasca_admin_username }}"
-    tenant_name: "{{ monasca_service_tenant_name }}"
+    user_name: "{{ monasca_service_user_name }}"
+    tenant_name: "{{ monasca_service_project_name }}"
    role_name: "{{ item }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
-    project_name: "{{ monasca_service_project_name }}"
-  register: ensure_monasca_admin_roles
-  until: ensure_monasca_admin_roles |success
+  register: ensure_monasca_roles
+  until: ensure_monasca_roles |success
  retries: 5
  delay: 2
-  with_items: "{{ monasca_service_admin_role_names }}"
+  with_items: "{{ monasca_service_role_names }}"

 - name: Ensure the monasca endpoint is registered
  keystone:
--- a/tasks/pre-install.yml
+++ b/tasks/pre-install.yml
@ -15,25 +15,55 @@
 #
 # (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- name: Update Apt sources
-  apt:
-    update_cache: yes
-  register: apt_update
-  until: apt_update | success
+
+- name: Create the monasca system group
+  group:
+    name: "{{ monasca_system_group_name }}"
+    state: "present"
+    system: "yes"
+
+- name: Create the monasca system user
+  user:
+    name: "{{ monasca_system_user_name }}"
+    group: "{{ monasca_system_group_name }}"
+    groups: sudo
+    shell: "{{ monasca_system_user_shell }}"
+    system: "yes"
+    createhome: "yes"
+    home: "{{ monasca_system_user_home }}"
+  register: create_monasca_user
+  until: create_monasca_user | success
  retries: 5
  delay: 2

- name: Install Apt dependencies
-  apt:
-    pkg: "{{ item }}"
-    state: "{{ monasca_package_state }}"
-  register: install_deps
-  until: install_deps | success
-  retries: 5
-  delay: 2
-  with_items: "{{ monasca_distro_packages }}"
+- name: Create monasca's directories
+  file:
+    path: "{{ item.path }}"
+    state: "directory"
+    owner: "{{ item.owner |default(monasca_system_user_name) }}"
+    group: "{{ item.group |default(monasca_system_group_name) }}"
+    mode: "{{ item.mode |default('0750') }}"
+  with_items:
+    - path: "{{ monasca_conf_directory }}"
+    - path: "{{ monasca_system_user_home }}"

- include: pre-monasca-install.yml
-  when:
-    - inventory_hostname in groups['monasca_api']
-    - inventory_hostname in groups['monasca_log_api']
+- name: Test for monasca log directory or link
+  shell: |
+    if [ -h "{{ monasca_log_directory }}" ]; then
+      chown -h {{ monasca_system_user_name }}:{{ monasca_system_group_name }} {{ monasca_log_directory }}
+      chown -R {{ monasca_system_user_name }}:{{ monasca_system_group_name }} "$(readlink {{ monasca_log_directory }})"
+    else
+      exit 1
+    fi
+  register: log_dir
+  failed_when: false
+  changed_when: log_dir.rc != 0
+
+- name: Create monasca log directory
+  file:
+    path: "{{ monasca_log_directory }}"
+    state: "directory"
+    owner: "{{ monasca_system_user_name }}"
+    group: "{{ monasca_system_group_name }}"
+    mode: "0750"
+  when: log_dir.rc != 0
--- a/tasks/pre-monasca-install.yml
+++ b/tasks/pre-monasca-install.yml
@ -1,69 +0,0 @@
---
-# Copyright 2016 Internet Solutions (Pty) Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
-# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
-
- name: Create the monasca system group
-  group:
-    name: "{{ monasca_system_group_name }}"
-    state: "present"
-    system: "yes"
-
- name: Create the monasca system user
-  user:
-    name: "{{ monasca_system_user_name }}"
-    group: "{{ monasca_system_group_name }}"
-    groups: sudo
-    shell: "{{ monasca_system_user_shell }}"
-    system: "yes"
-    createhome: "yes"
-    home: "{{ monasca_system_user_home }}"
-  register: create_monasca_user
-  until: create_monasca_user | success
-  retries: 5
-  delay: 2
-
- name: Create monasca's directories
-  file:
-    path: "{{ item.path }}"
-    state: "directory"
-    owner: "{{ item.owner |default(monasca_system_user_name) }}"
-    group: "{{ item.group |default(monasca_system_group_name) }}"
-    mode: "{{ item.mode |default('0750') }}"
-  with_items:
-    - path: "{{ monasca_conf_directory }}"
-    - path: "{{ monasca_system_user_home }}"
-
- name: Test for monasca log directory or link
-  shell: |
-    if [ -h "{{ monasca_log_directory }}" ]; then
-      chown -h {{ monasca_system_user_name }}:{{ monasca_system_group_name }} {{ monasca_log_directory }}
-      chown -R {{ monasca_system_user_name }}:{{ monasca_system_group_name }} "$(readlink {{ monasca_log_directory }})"
-    else
-      exit 1
-    fi
-  register: log_dir
-  failed_when: false
-  changed_when: log_dir.rc != 0
-
- name: Create monasca log directory
-  file:
-    path: "{{ monasca_log_directory }}"
-    state: "directory"
-    owner: "{{ monasca_system_user_name }}"
-    group: "{{ monasca_system_group_name }}"
-    mode: "0750"
-  when: log_dir.rc != 0
--- a/templates/monasca-api-paste.ini.j2
+++ b/templates/monasca-api-paste.ini.j2
@ -17,6 +17,6 @@ paste.filter_factory = monasca_api.middleware.keystone_context_filter:filter_fac
 [server:main]
 use = egg:gunicorn#main
 host = 0.0.0.0
-port = {{ monasca_api_service_port }}
+port = {{ monasca_bind_port }}
 workers = 1
 proc_name = monasca_api
--- a/templates/monasca-api.conf.j2
+++ b/templates/monasca-api.conf.j2
@ -20,9 +20,9 @@ dimension_names = monasca_api.v2.reference.metrics:DimensionNames
 notification_method_types = monasca_api.v2.reference.notificationstype:NotificationsType

 [security]
-default_authorized_roles = user, domainuser, domainadmin, {{ monasca_regular_username }}
-agent_authorized_roles = {{ monasca_admin_username }}
-read_only_authorized_roles = {{ monasca_regular_username }}
+default_authorized_roles = user, domainuser, domainadmin, {{ monasca_service_user_name }}
+agent_authorized_roles = {{ monasca_service_user_name }}
+read_only_authorized_roles = {{ monasca_readonly_user_name }}
 delegate_authorized_roles = admin

 [messaging]
@ -71,12 +71,17 @@ password = {{ monasca_galera_password }}
 url = "mysql+pymysql://{{ monasca_galera_user }}:{{ monasca_galera_password }}@{{ monasca_galera_address }}/{{ monasca_galera_database }}"

 [keystone_authtoken]
+auth_uri = {{ keystone_service_internalurl }}
+auth_version = v3
 insecure = {{ keystone_service_internaluri_insecure | bool }}
+memcached_servers = {{ memcached_servers }}
+token_cachce_time = 300
+revocation_cache_time = 60
 identity_uri = {{ keystone_service_adminuri }}
-auth_url = {{ keystone_service_internaluri }}
-auth_uri = {{ keystone_service_internaluri }}
 auth_type = {{ monasca_keystone_auth_plugin }}
-project_domain_name = {{ monasca_project_domain_name }}
-user_domain_name = {{ monasca_user_domain_name }}
-username = {{ monasca_admin_username }}
-password = {{ monasca_admin_password }}
+auth_url = {{ keystone_service_internaluri }}
+project_domain_name = {{ monasca_service_project_domain_name }}
+user_domain_name = {{ monasca_service_user_domain_name }}
+project_name = {{ monasca_service_project_name }}
+username = {{ monasca_service_user_name }}
+password = {{ monasca_service_password }}
--- a/templates/monasca-log-api-paste.ini.j2
+++ b/templates/monasca-log-api-paste.ini.j2
@ -16,6 +16,6 @@ paste.filter_factory = monasca_log_api.middleware.role_middleware:RoleMiddleware
 [server:main]
 use = egg:gunicorn#main
 host = 0.0.0.0
-port = {{ monasca_log_api_service_port }}
+port = {{ monasca_log_api_bind_port }}
 workers = 1
 proc_name = monasca_log_api
--- a/templates/monasca-log-api.conf.j2
+++ b/templates/monasca-log-api.conf.j2
@ -16,8 +16,8 @@ kafka_topics = log
 [roles_middleware]
 path = /v2.0/log
 path = /v3.0/logs
-default_roles = user, domainuser, domainadmin, {{ monasca_regular_username }}
-agent_roles = {{ monasca_admin_username }}, admin
+default_roles = user, domainuser, domainadmin, {{ monasca_service_user_name }}
+agent_roles = {{ monasca_service_user_name }}, admin

 [dispatcher]
 logs = monasca_log_api.reference.v2.logs:Logs
@ -26,12 +26,17 @@ versions = monasca_log_api.reference.versions:Versions
 healthchecks = monasca_log_api.reference.healthchecks:HealthChecks

 [keystone_authtoken]
+auth_uri = {{ keystone_service_internalurl }}
+auth_version = v3
 insecure = {{ keystone_service_internaluri_insecure | bool }}
+memcached_servers = {{ memcached_servers }}
+token_cachce_time = 300
+revocation_cache_time = 60
 identity_uri = {{ keystone_service_adminuri }}
-auth_url = {{ keystone_service_internaluri }}
-auth_uri = {{ keystone_service_internaluri }}
 auth_type = {{ monasca_keystone_auth_plugin }}
-pproject_domain_name = {{ monasca_project_domain_name }}
-user_domain_name = {{ monasca_user_domain_name }}
-username = {{ monasca_admin_username }}
-password = {{ monasca_admin_password }}
+auth_url = {{ keystone_service_internaluri }}
+project_domain_name = {{ monasca_service_project_domain_name }}
+user_domain_name = {{ monasca_service_user_domain_name }}
+project_name = {{ monasca_service_project_name }}
+username = {{ monasca_service_user_name }}
+password = {{ monasca_service_password }}
--- a/tests/test-monasca-functional.yml
+++ b/tests/test-monasca-functional.yml
@ -22,7 +22,7 @@
  user: root
  gather_facts: false
  vars:
-      monasca_api: "http://localhost:{{ monasca_api_service_port }}"
+      monasca_api: "http://localhost:{{ monasca_bind_port }}"
  tasks:
    - name: Install openstackclient
      pip:
--- a/tests/test-vars.yml
+++ b/tests/test-vars.yml
@ -38,15 +38,15 @@ monasca_notification_requirements_git_install_branch: master
 monasca_persister_requirements_git_install_branch: master
 monasca_python_client_requirements_git_install_branch: master
 monasca_service_password: "secrete"
-monasca_regular_user_password: "secrete"
-monasca_admin_password: "secrete"
-monasca_project_domain_name: default
-monasca_user_domain_name: default
+monasca_readonly_password: "secrete"
+monasca_service_user_domain_name: default
+monasca_service_project_domain_name: Default
 monasca_service_project_name: service
 monasca_service_region: RegionOne
 monasca_service_user_name: monasca
-monasca_api_service_port: 8070
-monasca_log_api_service_port: 5607
+monasca_readonly_user_name: monasca-read-only
+monasca_bind_port: 8070
+monasca_log_api_bind_port: 5607
 monasca_venv_tag: untagged
 monasca_bin: "/openstack/venvs/monasca-{{ monasca_venv_tag }}/bin"
 storm_nimbus_enabled: true