Use keystone_authtoken macros for auth
Change-Id: I5ae6541327e9db1ef1dc60107a7f27b48f73d14c Depends-on: Icd3a2276097a52e77a31cb7eeeffb2d5bca8492b
parent
5139d5e26a
commit
7e14828ef8
|
@ -15,6 +15,8 @@ configs:
|
||||||
port:
|
port:
|
||||||
cont: 8775
|
cont: 8775
|
||||||
secret: "password"
|
secret: "password"
|
||||||
|
username: nova
|
||||||
|
password: password
|
||||||
scheduler:
|
scheduler:
|
||||||
enabled_filters:
|
enabled_filters:
|
||||||
- RetryFilter
|
- RetryFilter
|
||||||
|
|
|
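Review bot: The two added defaults, `username: nova` and `password: password`, give the nova Keystone service account a well-known literal password whenever a deployment does not override it. The same section already carries `secret: "password"`, so a default install would end up with several guessable credentials. I would leave the value unset so rendering fails without an explicit override, or at least mark it with a comment such as `# placeholder only - must be overridden per deployment`. The `configs:` map continues outside this hunk, so whether an override or generation step exists elsewhere cannot be confirmed from here.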
@ -12,8 +12,8 @@ api_endpoint = {{ address('ironic-api', ironic.api_port, with_scheme=True) }}/v1
|
||||||
auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
|
auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
|
||||||
auth_strategy = keystone
|
auth_strategy = keystone
|
||||||
auth_plugin = password
|
auth_plugin = password
|
||||||
project_domain_name = default
|
project_domain_name = {{ service_account.domain }}
|
||||||
user_domain_id = default
|
user_domain_name = {{ service_account.domain }}
|
||||||
project_name = service
|
project_name = {{ service_account.project }}
|
||||||
username = {{ ironic.username }}
|
username = {{ ironic.username }}
|
||||||
password = {{ ironic.password }}
|
password = {{ ironic.password }}
|
||||||
|
|
|
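Review bot: This section still sets `auth_plugin = password`, while the nova.conf blocks touched by the same commit use `auth_type = password`. keystoneauth deprecated `auth_plugin` in favour of `auth_type`, so if the consuming service is already on a keystoneauth-based loader the line should read `auth_type = password` for consistency. The section header for these keys lies outside the hunk, so which service reads them is inferred from the `api_endpoint` context line only.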
@ -68,12 +68,21 @@ html5proxy_port = {{ nova.spicehtml5proxy.port.cont }}
|
||||||
|
|
||||||
{% if role_name == "nova-compute-ironic" %}
|
{% if role_name == "nova-compute-ironic" %}
|
||||||
[ironic]
|
[ironic]
|
||||||
|
auth_type = password
|
||||||
|
auth_url = {{ address("keystone", keystone.public_port, with_scheme=True) }}
|
||||||
|
project_name = {{ service_account.project }}
|
||||||
|
username = {{ ironic.username }}
|
||||||
|
password = {{ ironic.password }}
|
||||||
|
project_domain_name = {{ service_account.domain }}
|
||||||
|
user_domain_name = {{ service_account.domain }}
|
||||||
|
|
||||||
|
#(TODO) remove these parameters when mitaka support will be dropped
|
||||||
#(TODO) remember to update this once discoverd is replaced by inspector
|
#(TODO) remember to update this once discoverd is replaced by inspector
|
||||||
admin_username = {{ ironic_keystone_user }}
|
admin_username = {{ ironic.username }}
|
||||||
admin_password = {{ ironic_keystone_password }}
|
admin_password = {{ ironic.password }}
|
||||||
admin_url = {{ openstack_auth_url }}
|
admin_url = {{ address("keystone", keystone.public_port, with_scheme=True) }}/v2
|
||||||
admin_tenant_name = service
|
admin_tenant_name = {{ service_account.project }}
|
||||||
api_endpoint = http://{{ address('ironic-api') }}:{{ ironic_api_port }}/v1
|
api_endpoint = {{ address('ironic-api', ironic.api_port, with_sceme=True) }}/v1
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
[oslo_concurrency]
|
[oslo_concurrency]
|
||||||
|
@ -96,11 +105,11 @@ service_metadata_proxy = true
|
||||||
|
|
||||||
auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
|
auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
|
||||||
auth_type = password
|
auth_type = password
|
||||||
project_domain_name = default
|
project_domain_name = {{ service_account.domain }}
|
||||||
user_domain_id = default
|
user_domain_name = {{ service_account.domain }}
|
||||||
project_name = service
|
project_name = {{ service_account.project }}
|
||||||
username = {{ neutron.db.username }}
|
username = {{ neutron.username }}
|
||||||
password = {{ neutron.db.password }}
|
password = {{ neutron.password }}
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
connection = mysql+pymysql://{{ nova.db.username }}:{{ nova.db.password }}@{{ address(service.database) }}/{{ nova.db.name }}
|
connection = mysql+pymysql://{{ nova.db.username }}:{{ nova.db.password }}@{{ address(service.database) }}/{{ nova.db.name }}
|
||||||
|
@ -119,19 +128,7 @@ enabled = true
|
||||||
# FIXME
|
# FIXME
|
||||||
memcache_servers = {{ address('memcached', memcached.port) }}
|
memcache_servers = {{ address('memcached', memcached.port) }}
|
||||||
|
|
||||||
[keystone_authtoken]
|
{{ keystone_authtoken.keystone_authtoken(nova.username, nova.password) }}
|
||||||
auth_version = v3
|
|
||||||
auth_uri = {{ address('keystone', keystone.public_port, with_scheme=True) }}/v3
|
|
||||||
auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}/v3
|
|
||||||
auth_type = password
|
|
||||||
project_domain_id = default
|
|
||||||
user_domain_id = default
|
|
||||||
project_name = service
|
|
||||||
username = {{ nova.db.username }}
|
|
||||||
password = {{ nova.db.password }}
|
|
||||||
# Here we need to pass an array of memcached daemons, for now we just use DNS
|
|
||||||
#FIXME
|
|
||||||
memcached_servers = {{ address('memcached', memcached.port) }}
|
|
||||||
|
|
||||||
[libvirt]
|
[libvirt]
|
||||||
virt_type = {{ nova.virt_type }}
|
virt_type = {{ nova.virt_type }}
|
||||||
|
|
|
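Review bot: In the `[ironic]` block of the first hunk, the new `api_endpoint` line passes `with_sceme=True`, a misspelling of the `with_scheme` keyword used by every other `address(...)` call in this commit. Depending on how the helper treats unknown keyword arguments, the template will either fail to render or emit an endpoint without a scheme; the removed line had a literal `http://`. The line should read `api_endpoint = {{ address('ironic-api', ironic.api_port, with_scheme=True) }}/v1`. Separately, the new `admin_url` ends in `/v2`, whereas the Keystone v2 API is conventionally served under `/v2.0`, so that suffix is worth checking against the deployed endpoint.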
@ -45,15 +45,14 @@ service:
|
||||||
- nova.conf
|
- nova.conf
|
||||||
- name: nova-user-create
|
- name: nova-user-create
|
||||||
type: single
|
type: single
|
||||||
command: openstack user create --project service --password {{ nova.db.password }} {{ nova.db.username }}
|
command: openstack user create --domain {{ service_account.domain }} --password {{ nova.password }} {{ nova.username }}
|
||||||
dependencies:
|
dependencies:
|
||||||
- keystone-create-project
|
- keystone-create-domain
|
||||||
- name: nova-role-add
|
- name: nova-role-add
|
||||||
dependencies:
|
dependencies:
|
||||||
- nova-user-create
|
- nova-user-create
|
||||||
type: single
|
type: single
|
||||||
command: openstack role add --project service --user {{ nova.db.username }} admin
|
command: openstack role add --domain {{ service_account.domain }} --user {{ nova.username }} admin
|
||||||
|
|
||||||
- name: nova-service-legacy-create
|
- name: nova-service-legacy-create
|
||||||
dependencies:
|
dependencies:
|
||||||
- keystone
|
- keystone
|
||||||
|
|
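Review bot: The new `nova-role-add` command, `openstack role add --domain {{ service_account.domain }} --user {{ nova.username }} admin`, grants `admin` on the whole domain rather than on the service project, because `--domain` names the assignment target and not the user's domain. The config templates in this commit authenticate with `project_name = {{ service_account.project }}`, so a project-scoped token would need the role on that project. A domain-wide admin grant is also broader than the service needs. Unless another job outside this page adds the project assignment, I would use `openstack role add --project {{ service_account.project }} --project-domain {{ service_account.domain }} --user {{ nova.username }} --user-domain {{ service_account.domain }} admin` and keep a dependency on the project-creation job. Note also that `--password {{ nova.password }}` in `nova-user-create` puts the secret in the process arguments and in any job log that records the command.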