Upgrade the Keystone library to use v3

Code Issues Proposed changes

In order to enable and deploy federated Keystone, we need to use version
3 of the Keystone API and the v3 Keystone Client. This work begins that
transition by having a set of backwards compatible library commands.
Specifically, this commit updates the keystone library to use v3
Keystone Client and the usage of ensure_tenant in the os_keystone tasks
to use the v3 admin url.
In version 3 of Keystone's Endpoints (Catalog) API each endpoint only
has one URL and has separate interface types (public, internal, admin).
This change updates all uses of ensure_endpoint to structure the
endpoint data in a better way for the ensure_endpoint command in the
keystone module. As a result, some incidents where internalurl and
adminurl were swapped have been fixed.
Note:
In new deployments the endpoints will be created using the v3 API and
will therefore not be available via the v2 API. This will be a breaking
change to legacy CLI clients. The openstack CLI should be used instead.
DocImpact
Related-Bug: #1470635
Partially-implements: blueprint keystone-federation
Change-Id: I2cd4f505e850b4b113452abc25ee00d486b1637d

This commit is contained in:

Ian Cordasco

2015年06月29日 23:23:08 -05:00

committed by Miguel Grinberg

parent 7f1c4e477c

commit 8e96db0739

2 changed files with 17 additions and 7 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

10
tasks/nova_service_add.yml

View File

@@ -79,10 +79,14 @@

region_name:"{{ service_region }}"

service_name:"{{ service_name }}"

service_type:"{{ service_type }}"

publicurl:"{{ service_publicurl }}"

adminurl:"{{ service_internalurl }}"

internalurl:"{{ service_adminurl }}"

insecure:"{{ keystone_service_adminuri_insecure }}"

endpoint_list:

- url:"{{ service_publicurl }}"

interface:"public"

- url:"{{ service_internalurl }}"

interface:"internal"

- url:"{{ service_adminurl }}"

interface:"admin"

register:add_service

until:add_service|success

retries:5

14
templates/nova.conf.j2

View File

@@ -139,11 +139,17 @@ port = {{ glance_service_port }}

[neutron]

url = {{ neutron_service_adminurl }}

region_name = {{ neutron_service_region }}

auth_plugin = password

auth_strategy = keystone

admin_auth_url = {{ keystone_service_adminurl }}

admin_password = {{ neutron_service_password }}

admin_username = {{ neutron_service_user_name }}

admin_tenant_name = {{ neutron_service_project_name }}

# Keystone client plugin password option

password = {{ neutron_service_password }}

# Keystone client plugin username option

username = {{ neutron_service_user_name }}

project_name = {{ neutron_service_project_name }}

user_domain_name = {{ neutron_service_domain_name |default("Default") }}

project_domain_name = {{ neutron_service_domain_name |default("Default") }}

# Keystone client plugin authentication URL option

auth_url = {{ keystone_service_adminurl }}

metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}

service_metadata_proxy = {{ nova_metadata_proxy_enabled }}