Simplify identity endpoint
Per the Keystone Install Guide[1] the admin endpoint is superseded in favor of a single public endpoint. As a result, the admin endpoint is no longer deployed by default. [1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components Change-Id: Ic70e3adc4615b3a79a49f8cd739d7505efee91ef Implements: blueprint simplify-identity-endpoint
This commit is contained in:
parent
b9af23547c
commit
0fb71ae5d8
|
@ -52,16 +52,15 @@ db_user = node['openstack']['db']['orchestration']['username']
|
||||||
db_pass = get_password 'db', 'heat'
|
db_pass = get_password 'db', 'heat'
|
||||||
stack_domain_admin = node['openstack']['orchestration']['conf']['DEFAULT']['stack_domain_admin']
|
stack_domain_admin = node['openstack']['orchestration']['conf']['DEFAULT']['stack_domain_admin']
|
||||||
|
|
||||||
identity_endpoint = internal_endpoint 'identity'
|
identity_endpoint = public_endpoint 'identity'
|
||||||
identity_admin_endpoint = admin_endpoint 'identity'
|
|
||||||
|
|
||||||
bind_services = node['openstack']['bind_service']['all']
|
bind_services = node['openstack']['bind_service']['all']
|
||||||
api_bind = bind_services['orchestration-api']
|
api_bind = bind_services['orchestration-api']
|
||||||
api_cfn_bind = bind_services['orchestration-api-cfn']
|
api_cfn_bind = bind_services['orchestration-api-cfn']
|
||||||
api_cfn_endpoint = internal_endpoint 'orchestration-api-cfn'
|
api_cfn_endpoint = internal_endpoint 'orchestration-api-cfn'
|
||||||
|
|
||||||
ec2_auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['ec2authtoken']['auth']['version']
|
ec2_auth_uri = ::URI.decode identity_endpoint.to_s
|
||||||
auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['api']['auth']['version']
|
auth_uri = ::URI.decode identity_endpoint.to_s
|
||||||
base_auth_uri = identity_uri_transform auth_uri
|
base_auth_uri = identity_uri_transform auth_uri
|
||||||
|
|
||||||
# We need these URIs without their default path
|
# We need these URIs without their default path
|
||||||
|
@ -79,7 +78,7 @@ node.default['openstack']['orchestration']['conf'].tap do |conf|
|
||||||
conf['heat_api_cfn']['bind_host'] = bind_address api_cfn_bind
|
conf['heat_api_cfn']['bind_host'] = bind_address api_cfn_bind
|
||||||
conf['heat_api_cfn']['bind_port'] = api_cfn_bind['port']
|
conf['heat_api_cfn']['bind_port'] = api_cfn_bind['port']
|
||||||
conf['keystone_authtoken']['auth_url'] = auth_uri
|
conf['keystone_authtoken']['auth_url'] = auth_uri
|
||||||
conf['trustee']['auth_url'] = identity_admin_endpoint
|
conf['trustee']['auth_url'] = identity_endpoint
|
||||||
end
|
end
|
||||||
|
|
||||||
# define secrets that are needed in the heat.conf
|
# define secrets that are needed in the heat.conf
|
||||||
|
|
|
@ -24,9 +24,9 @@ class ::Chef::Recipe
|
||||||
include ::Openstack
|
include ::Openstack
|
||||||
end
|
end
|
||||||
|
|
||||||
identity_admin_endpoint = admin_endpoint 'identity'
|
identity_endpoint = public_endpoint 'identity'
|
||||||
|
|
||||||
auth_url = ::URI.decode identity_admin_endpoint.to_s
|
auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['api']['auth']['version']
|
||||||
|
|
||||||
admin_heat_endpoint = admin_endpoint 'orchestration-api'
|
admin_heat_endpoint = admin_endpoint 'orchestration-api'
|
||||||
internal_heat_endpoint = internal_endpoint 'orchestration-api'
|
internal_heat_endpoint = internal_endpoint 'orchestration-api'
|
||||||
|
|
|
@ -10,7 +10,7 @@ describe 'openstack-orchestration::identity_registration' do
|
||||||
include_context 'orchestration_stubs'
|
include_context 'orchestration_stubs'
|
||||||
|
|
||||||
connection_params = {
|
connection_params = {
|
||||||
openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens',
|
openstack_auth_url: 'http://127.0.0.1:5000/v3/auth/tokens',
|
||||||
openstack_username: 'admin',
|
openstack_username: 'admin',
|
||||||
openstack_api_key: 'admin-pass',
|
openstack_api_key: 'admin-pass',
|
||||||
openstack_project_name: 'admin',
|
openstack_project_name: 'admin',
|
||||||
|
|
|
@ -6,16 +6,19 @@ ChefSpec::Coverage.start! { add_filter 'openstack-orchestration' }
|
||||||
|
|
||||||
require 'chef/application'
|
require 'chef/application'
|
||||||
|
|
||||||
LOG_LEVEL = :fatal
|
RSpec.configure do |config|
|
||||||
|
config.color = true
|
||||||
|
config.formatter = :documentation
|
||||||
|
config.log_level = :fatal
|
||||||
|
end
|
||||||
|
|
||||||
REDHAT_OPTS = {
|
REDHAT_OPTS = {
|
||||||
platform: 'redhat',
|
platform: 'redhat',
|
||||||
version: '7.3',
|
version: '7.4',
|
||||||
log_level: ::LOG_LEVEL,
|
|
||||||
}.freeze
|
}.freeze
|
||||||
UBUNTU_OPTS = {
|
UBUNTU_OPTS = {
|
||||||
platform: 'ubuntu',
|
platform: 'ubuntu',
|
||||||
version: '16.04',
|
version: '16.04',
|
||||||
log_level: ::LOG_LEVEL,
|
|
||||||
}.freeze
|
}.freeze
|
||||||
|
|
||||||
shared_context 'orchestration_stubs' do
|
shared_context 'orchestration_stubs' do
|
||||||
|
@ -207,7 +210,7 @@ shared_examples 'expects to create heat conf' do
|
||||||
describe 'has trustee values' do
|
describe 'has trustee values' do
|
||||||
it 'has default trustee values' do
|
it 'has default trustee values' do
|
||||||
[
|
[
|
||||||
%r{^auth_url = http://127.0.0.1:35357/v3$},
|
%r{^auth_url = http://127.0.0.1:5000/v3$},
|
||||||
/^auth_type = v3password$/,
|
/^auth_type = v3password$/,
|
||||||
/^username = heat$/,
|
/^username = heat$/,
|
||||||
/^password = heat-pass$/,
|
/^password = heat-pass$/,
|
||||||
|
|
Loading…
Reference in New Issue