From f0062331f5855cfe0ce7cae11d65b80719fd49df Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Fri, 30 Jun 2017 19:20:06 +0100 Subject: [PATCH] Fix ironic authentication configuration As of [1], the ironic configuration for neutron, glance, swift, inspector and service_catalog requires explicit configuration of authentication parameters for communication with these services. This change adds the required parameters to [neutron], [glance] and [inspector] sections of ironic.conf. Kolla-ansible does not configure the [swift] or [service_discovery] sections currently. We also replace option [glance] glance_hosts with [glance] glance_api_servers as the former is deprecated. Since we no longer need to support generating configuration for kolla-kubernetes[2], some related options have been cleaned. [1] https://github.com/openstack/ironic/commit/4f9035c24f0465be5728ed9a8a6df76cd6f46ed3 [2] https://blueprints.launchpad.net/kolla-ansible/+spec/clean-k8s-config Change-Id: Ifc239af5f3e44a508fedc9dea08cb06160c4f7f3 Closes-Bug: #1701713 --- ansible/roles/ironic/templates/ironic.conf.j2 | 27 +++++++++++++++---- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index 12579e67dd..4b91decbbb 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 @@ -62,18 +62,35 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi default_boot_option = netboot [glance] -glance_host = {{ internal_protocol }}://{% if orchestration_engine == 'KUBERNETES' %}glance-api{% else %}{{ kolla_internal_fqdn }}{% endif %}:{{ glance_api_port }} +glance_api_servers = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ ironic_keystone_user }} +password = {{ ironic_keystone_password }} [neutron] -{% if orchestration_engine == 'KUBERNETES' %} -url = {{ internal_protocol }}://neutron-server:{{ neutron_server_port }} -{% else %} url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }} -{% endif %} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ ironic_keystone_user }} +password = {{ ironic_keystone_password }} cleaning_network = {{ ironic_cleaning_network }} [inspector] enabled = true +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ ironic_keystone_user }} +password = {{ ironic_keystone_password }} [agent] deploy_logs_local_path = /var/log/kolla/ironic