Upgrade the Keystone library to use v3

In order to enable and deploy federated Keystone, we need to use version 3 of the Keystone API and the v3 Keystone Client. This work begins that transition by having a set of backwards compatible library commands. Specifically, this commit updates the keystone library to use v3 Keystone Client and the usage of ensure_tenant in the os_keystone tasks to use the v3 admin url. In version 3 of Keystone's Endpoints (Catalog) API each endpoint only has one URL and has separate interface types (public, internal, admin). This change updates all uses of ensure_endpoint to structure the endpoint data in a better way for the ensure_endpoint command in the keystone module. As a result, some incidents where internalurl and adminurl were swapped have been fixed. Note: In new deployments the endpoints will be created using the v3 API and will therefore not be available via the v2 API. This will be a breaking change to legacy CLI clients. The openstack CLI should be used instead. DocImpact Related-Bug: #1470635 Partially-implements: blueprint keystone-federation Change-Id: I2cd4f505e850b4b113452abc25ee00d486b1637d
2015-06-29 23:23:08 -05:00 · 2015-06-29 23:23:08 -05:00 · 8e96db0739
commit 8e96db0739
parent 7f1c4e477c
2 changed files with 17 additions and 7 deletions
--- a/tasks/nova_service_add.yml
+++ b/tasks/nova_service_add.yml
@ -79,10 +79,14 @@
    region_name: "{{ service_region }}"
    service_name: "{{ service_name }}"
    service_type: "{{ service_type }}"
-    publicurl: "{{ service_publicurl }}"
-    adminurl: "{{ service_internalurl }}"
-    internalurl: "{{ service_adminurl }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
+    endpoint_list:
+      - url: "{{ service_publicurl }}"
+        interface: "public"
+      - url: "{{ service_internalurl }}"
+        interface: "internal"
+      - url: "{{ service_adminurl }}"
+        interface: "admin"
  register: add_service
  until: add_service|success
  retries: 5
--- a/templates/nova.conf.j2
+++ b/templates/nova.conf.j2
@ -139,11 +139,17 @@ port = {{ glance_service_port }}
 [neutron]
 url = {{ neutron_service_adminurl }}
 region_name = {{ neutron_service_region }}
+auth_plugin = password
 auth_strategy = keystone
-admin_auth_url = {{ keystone_service_adminurl }}
-admin_password = {{ neutron_service_password }}
-admin_username = {{ neutron_service_user_name }}
-admin_tenant_name = {{ neutron_service_project_name }}
+# Keystone client plugin password option
+password = {{ neutron_service_password }}
+# Keystone client plugin username option
+username = {{ neutron_service_user_name }}
+project_name = {{ neutron_service_project_name }}
+user_domain_name = {{ neutron_service_domain_name |default("Default") }}
+project_domain_name = {{ neutron_service_domain_name |default("Default") }}
+# Keystone client plugin authentication URL option
+auth_url = {{ keystone_service_adminurl }}
 metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
 service_metadata_proxy = {{ nova_metadata_proxy_enabled }}