From 6a331d4e3742e43228ed16fba07f0d7913df29f3 Mon Sep 17 00:00:00 2001 From: Joshua Harlow Date: Wed, 7 Mar 2018 11:39:23 -0800 Subject: [PATCH] Create and use keystone_admin[project|user] It is not always convenient to use the the given admin project and admin user; especially when some clouds use different user and project for there keystone 'admin' This allows setting the variables for these users to something else, and defaults them to there current values of 'admin'. Change-Id: I22b79a30f01c90a92ecc0974886edf3791518f2f --- ansible/group_vars/all.yml | 23 +++++++++++-------- .../roles/common/templates/admin-openrc.sh.j2 | 6 ++--- etc/kolla/globals.yml | 4 ++++ 3 files changed, 20 insertions(+), 13 deletions(-) diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 8694f8e02e..6196f65fbc 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -369,16 +369,6 @@ set_sysctl: "yes" # Valid options are [ none, novnc, spice, rdp ] nova_console: "novnc" -# OpenStack authentication string. You should only need to override these if you -# are changing the admin tenant/project or user. -openstack_auth: - auth_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}" - username: "admin" - password: "{{ keystone_admin_password }}" - project_name: "admin" - domain_name: "default" - user_domain_name: "default" - # Endpoint type used to connect with OpenStack services with ansible modules. # Valid options are [ public, internal, admin ] openstack_interface: "admin" @@ -594,6 +584,9 @@ keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keyston keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}" keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}" +keystone_admin_user: "admin" +keystone_admin_project: "admin" + default_project_domain_name: "Default" default_project_domain_id: "default" @@ -606,6 +599,16 @@ fernet_token_expiry: 86400 keystone_default_user_role: "_member_" +# OpenStack authentication string. You should only need to override these if you +# are changing the admin tenant/project or user. +openstack_auth: + auth_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}" + username: "{{ keystone_admin_user }}" + password: "{{ keystone_admin_password }}" + project_name: "{{ keystone_admin_project }}" + domain_name: "default" + user_domain_name: "default" + ####################### # Glance options ####################### diff --git a/ansible/roles/common/templates/admin-openrc.sh.j2 b/ansible/roles/common/templates/admin-openrc.sh.j2 index e400db5fbd..03cb934c40 100644 --- a/ansible/roles/common/templates/admin-openrc.sh.j2 +++ b/ansible/roles/common/templates/admin-openrc.sh.j2 @@ -1,8 +1,8 @@ export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default -export OS_PROJECT_NAME=admin -export OS_TENANT_NAME=admin -export OS_USERNAME=admin +export OS_PROJECT_NAME={{ keystone_admin_project }} +export OS_TENANT_NAME={{ keystone_admin_project }} +export OS_USERNAME={{ keystone_admin_user }} export OS_PASSWORD={{ keystone_admin_password }} export OS_AUTH_URL={{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3 export OS_INTERFACE=internal diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index eff4104acb..5757ceb090 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -290,6 +290,10 @@ kolla_internal_vip_address: "10.10.10.254" # Valid options are [ fernet ] #keystone_token_provider: 'fernet' +#keystone_admin_user: "admin" + +#keystone_admin_project: "admin" + # Interval to rotate fernet keys by (in seconds). Must be an interval of # 60(1 min), 120(2 min), 180(3 min), 240(4 min), 300(5 min), 360(6 min), # 600(10 min), 720(12 min), 900(15 min), 1200(20 min), 1800(30 min),