Use keystone_authtoken macros for auth
Change-Id: I5ae6541327e9db1ef1dc60107a7f27b48f73d14c Depends-on: Icd3a2276097a52e77a31cb7eeeffb2d5bca8492b
This commit is contained in:
parent
5139d5e26a
commit
7e14828ef8
|
@ -15,6 +15,8 @@ configs:
|
|||
port:
|
||||
cont: 8775
|
||||
secret: "password"
|
||||
username: nova
|
||||
password: password
|
||||
scheduler:
|
||||
enabled_filters:
|
||||
- RetryFilter
|
||||
|
|
|
@ -12,8 +12,8 @@ api_endpoint = {{ address('ironic-api', ironic.api_port, with_scheme=True) }}/v1
|
|||
auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
|
||||
auth_strategy = keystone
|
||||
auth_plugin = password
|
||||
project_domain_name = default
|
||||
user_domain_id = default
|
||||
project_name = service
|
||||
project_domain_name = {{ service_account.domain }}
|
||||
user_domain_name = {{ service_account.domain }}
|
||||
project_name = {{ service_account.project }}
|
||||
username = {{ ironic.username }}
|
||||
password = {{ ironic.password }}
|
||||
|
|
|
@ -68,12 +68,21 @@ html5proxy_port = {{ nova.spicehtml5proxy.port.cont }}
|
|||
|
||||
{% if role_name == "nova-compute-ironic" %}
|
||||
[ironic]
|
||||
auth_type = password
|
||||
auth_url = {{ address("keystone", keystone.public_port, with_scheme=True) }}
|
||||
project_name = {{ service_account.project }}
|
||||
username = {{ ironic.username }}
|
||||
password = {{ ironic.password }}
|
||||
project_domain_name = {{ service_account.domain }}
|
||||
user_domain_name = {{ service_account.domain }}
|
||||
|
||||
#(TODO) remove these parameters when mitaka support will be dropped
|
||||
#(TODO) remember to update this once discoverd is replaced by inspector
|
||||
admin_username = {{ ironic_keystone_user }}
|
||||
admin_password = {{ ironic_keystone_password }}
|
||||
admin_url = {{ openstack_auth_url }}
|
||||
admin_tenant_name = service
|
||||
api_endpoint = http://{{ address('ironic-api') }}:{{ ironic_api_port }}/v1
|
||||
admin_username = {{ ironic.username }}
|
||||
admin_password = {{ ironic.password }}
|
||||
admin_url = {{ address("keystone", keystone.public_port, with_scheme=True) }}/v2
|
||||
admin_tenant_name = {{ service_account.project }}
|
||||
api_endpoint = {{ address('ironic-api', ironic.api_port, with_sceme=True) }}/v1
|
||||
{% endif %}
|
||||
|
||||
[oslo_concurrency]
|
||||
|
@ -96,11 +105,11 @@ service_metadata_proxy = true
|
|||
|
||||
auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
|
||||
auth_type = password
|
||||
project_domain_name = default
|
||||
user_domain_id = default
|
||||
project_name = service
|
||||
username = {{ neutron.db.username }}
|
||||
password = {{ neutron.db.password }}
|
||||
project_domain_name = {{ service_account.domain }}
|
||||
user_domain_name = {{ service_account.domain }}
|
||||
project_name = {{ service_account.project }}
|
||||
username = {{ neutron.username }}
|
||||
password = {{ neutron.password }}
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://{{ nova.db.username }}:{{ nova.db.password }}@{{ address(service.database) }}/{{ nova.db.name }}
|
||||
|
@ -119,19 +128,7 @@ enabled = true
|
|||
# FIXME
|
||||
memcache_servers = {{ address('memcached', memcached.port) }}
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_version = v3
|
||||
auth_uri = {{ address('keystone', keystone.public_port, with_scheme=True) }}/v3
|
||||
auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}/v3
|
||||
auth_type = password
|
||||
project_domain_id = default
|
||||
user_domain_id = default
|
||||
project_name = service
|
||||
username = {{ nova.db.username }}
|
||||
password = {{ nova.db.password }}
|
||||
# Here we need to pass an array of memcached daemons, for now we just use DNS
|
||||
#FIXME
|
||||
memcached_servers = {{ address('memcached', memcached.port) }}
|
||||
{{ keystone_authtoken.keystone_authtoken(nova.username, nova.password) }}
|
||||
|
||||
[libvirt]
|
||||
virt_type = {{ nova.virt_type }}
|
||||
|
|
|
@ -45,15 +45,14 @@ service:
|
|||
- nova.conf
|
||||
- name: nova-user-create
|
||||
type: single
|
||||
command: openstack user create --project service --password {{ nova.db.password }} {{ nova.db.username }}
|
||||
command: openstack user create --domain {{ service_account.domain }} --password {{ nova.password }} {{ nova.username }}
|
||||
dependencies:
|
||||
- keystone-create-project
|
||||
- keystone-create-domain
|
||||
- name: nova-role-add
|
||||
dependencies:
|
||||
- nova-user-create
|
||||
type: single
|
||||
command: openstack role add --project service --user {{ nova.db.username }} admin
|
||||
|
||||
command: openstack role add --domain {{ service_account.domain }} --user {{ nova.username }} admin
|
||||
- name: nova-service-legacy-create
|
||||
dependencies:
|
||||
- keystone
|
||||
|
|
Loading…
Reference in New Issue