From 7e14828ef8779cd0e0b05073fc39565800409371 Mon Sep 17 00:00:00 2001 From: Sergey Reshetnyak Date: Mon, 13 Feb 2017 17:21:21 +0300 Subject: [PATCH] Use keystone_authtoken macros for auth Change-Id: I5ae6541327e9db1ef1dc60107a7f27b48f73d14c Depends-on: Icd3a2276097a52e77a31cb7eeeffb2d5bca8492b --- service/files/defaults.yaml | 2 ++ service/files/nova-ironic.conf.j2 | 6 ++--- service/files/nova.conf.j2 | 43 ++++++++++++++----------------- service/nova-api.yaml | 7 +++-- 4 files changed, 28 insertions(+), 30 deletions(-) diff --git a/service/files/defaults.yaml b/service/files/defaults.yaml index 084bc8c..995f41d 100644 --- a/service/files/defaults.yaml +++ b/service/files/defaults.yaml @@ -15,6 +15,8 @@ configs: port: cont: 8775 secret: "password" + username: nova + password: password scheduler: enabled_filters: - RetryFilter diff --git a/service/files/nova-ironic.conf.j2 b/service/files/nova-ironic.conf.j2 index c717893..e0d5ff4 100644 --- a/service/files/nova-ironic.conf.j2 +++ b/service/files/nova-ironic.conf.j2 @@ -12,8 +12,8 @@ api_endpoint = {{ address('ironic-api', ironic.api_port, with_scheme=True) }}/v1 auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }} auth_strategy = keystone auth_plugin = password -project_domain_name = default -user_domain_id = default -project_name = service +project_domain_name = {{ service_account.domain }} +user_domain_name = {{ service_account.domain }} +project_name = {{ service_account.project }} username = {{ ironic.username }} password = {{ ironic.password }} diff --git a/service/files/nova.conf.j2 b/service/files/nova.conf.j2 index 1b540b7..e706def 100644 --- a/service/files/nova.conf.j2 +++ b/service/files/nova.conf.j2 
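Review bot: The added `password: password` in service/files/defaults.yaml gives the nova Keystone account a guessable default, and nova-api.yaml in this same patch grants that account the `admin` role. Any deployment that does not override the value therefore ends up with a well-known admin credential. The YAML nesting is not recoverable from this view, but the templates read the value as `nova.password`. I would drop the default so that an unset value is noticed at deploy time, or at least annotate it with `# development default only - must be overridden per deployment`. The neighbouring context line `secret: "password"` has the same weakness.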
@@ -68,12 +68,21 @@ html5proxy_port = {{ nova.spicehtml5proxy.port.cont }} {% if role_name == "nova-compute-ironic" %} [ironic] +auth_type = password +auth_url = {{ address("keystone", keystone.public_port, with_scheme=True) }} +project_name = {{ service_account.project }} +username = {{ ironic.username }} +password = {{ ironic.password }} +project_domain_name = {{ service_account.domain }} +user_domain_name = {{ service_account.domain }} + +#(TODO) remove these parameters when mitaka support will be dropped #(TODO) remember to update this once discoverd is replaced by inspector -admin_username = {{ ironic_keystone_user }} -admin_password = {{ ironic_keystone_password }} -admin_url = {{ openstack_auth_url }} -admin_tenant_name = service -api_endpoint = http://{{ address('ironic-api') }}:{{ ironic_api_port }}/v1 +admin_username = {{ ironic.username }} +admin_password = {{ ironic.password }} +admin_url = {{ address("keystone", keystone.public_port, with_scheme=True) }}/v2 +admin_tenant_name = {{ service_account.project }} +api_endpoint = {{ address('ironic-api', ironic.api_port, with_sceme=True) }}/v1 {% endif %} [oslo_concurrency] @@ -96,11 +105,11 @@ service_metadata_proxy = true auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }} auth_type = password -project_domain_name = default -user_domain_id = default -project_name = service -username = {{ neutron.db.username }} -password = {{ neutron.db.password }} +project_domain_name = {{ service_account.domain }} +user_domain_name = {{ service_account.domain }} +project_name = {{ service_account.project }} +username = {{ neutron.username }} +password = {{ neutron.password }} [database] connection = mysql+pymysql://{{ nova.db.username }}:{{ nova.db.password }}@{{ address(service.database) }}/{{ nova.db.name }} 
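Review bot: The new `api_endpoint` line in the `[ironic]` section passes `with_sceme=True`, a misspelling of the `with_scheme` keyword that every other `address()` call in this patch uses; depending on how `address()` treats unknown keywords, this either fails at render time or silently yields an endpoint without a scheme. It should read `api_endpoint = {{ address('ironic-api', ironic.api_port, with_scheme=True) }}/v1`. Separately, the new `admin_url` ends in `/v2`, while Keystone serves its v2 API under `/v2.0`, so the Mitaka fallback options would probably not authenticate as written. The new `auth_url` here uses `keystone.public_port` whereas nova-ironic.conf.j2 keeps `keystone.admin_port`, so it is worth confirming which endpoint is intended for the ironic credentials.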
@@ -119,19 +128,7 @@ enabled = true # FIXME memcache_servers = {{ address('memcached', memcached.port) }} -[keystone_authtoken] -auth_version = v3 -auth_uri = {{ address('keystone', keystone.public_port, with_scheme=True) }}/v3 -auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}/v3 -auth_type = password -project_domain_id = default -user_domain_id = default -project_name = service -username = {{ nova.db.username }} -password = {{ nova.db.password }} -# Here we need to pass an array of memcached daemons, for now we just use DNS -#FIXME -memcached_servers = {{ address('memcached', memcached.port) }} +{{ keystone_authtoken.keystone_authtoken(nova.username, nova.password) }} [libvirt] virt_type = {{ nova.virt_type }} diff --git a/service/nova-api.yaml b/service/nova-api.yaml index 3ac1132..3e696e0 100644 --- a/service/nova-api.yaml +++ b/service/nova-api.yaml @@ -45,15 +45,14 @@ service: - nova.conf - name: nova-user-create type: single - command: openstack user create --project service --password {{ nova.db.password }} {{ nova.db.username }} + command: openstack user create --domain {{ service_account.domain }} --password {{ nova.password }} {{ nova.username }} dependencies: - - keystone-create-project + - keystone-create-domain - name: nova-role-add dependencies: - nova-user-create type: single - command: openstack role add --project service --user {{ nova.db.username }} admin - + command: openstack role add --domain {{ service_account.domain }} --user {{ nova.username }} admin - name: nova-service-legacy-create dependencies: - keystone
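Review bot: The macro call that replaces the `[keystone_authtoken]` section relies on a `keystone_authtoken` namespace that none of the three hunks for nova.conf.j2 imports, so it presumably comes from the change named in Depends-on. From this diff alone it is not possible to check that the macro emits the section header itself; if it does not, the auth options would be rendered into the preceding section and token validation would not be configured. A short template comment above the call, for example `{# renders the whole [keystone_authtoken] section from the shared macro #}`, would make that dependency visible, once the macro's output has been confirmed.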
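Review bot: In `nova-role-add`, `--domain {{ service_account.domain }}` on `openstack role add` selects the scope of the assignment, so `admin` is now granted on the domain rather than on the service project that the rendered configs authenticate against via `project_name = {{ service_account.project }}`. If the intent was only to name the user's domain, the line would be `command: openstack role add --project {{ service_account.project }} --user-domain {{ service_account.domain }} --user {{ nova.username }} admin`, possibly with `--project-domain` as well. In `nova-user-create`, `{{ nova.password }}` is substituted unquoted into the command line, so if the command runs through a shell, a password containing spaces or metacharacters breaks or alters it, and the value can show up in process listings and job logs. Quoting the value is the minimum; the hunk's last context line appears cut off in this view.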