Merge "Extra var ironic_enable_keystone_integration added."

2021-08-09 10:53:20 +00:00 · 2021-08-09 10:53:20 +00:00 · 214d34ca7b
commit 214d34ca7b
parent c1e14025ad da4fd2d6a2
4 changed files with 34 additions and 4 deletions
--- a/ansible/roles/ironic/defaults/main.yml
+++ b/ansible/roles/ironic/defaults/main.yml
@ -288,6 +288,7 @@ ironic_enabled_notification_topics: "{{ ironic_notification_topics | selectattr(
 ####################
 # Keystone
 ####################
+ironic_enable_keystone_integration: "{{ enable_keystone | bool }}"
 ironic_ks_services:
  - name: "ironic"
    type: "baremetal"
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@ -6,7 +6,7 @@
 # suppressed by the deployer by setting a value for the option.

 [DEFAULT]
-{% if not enable_keystone | bool %}
+{% if not ironic_enable_keystone_integration | bool %}
 auth_strategy = noauth
 {% endif %}
 debug = {{ ironic_logging_debug }}
@ -52,7 +52,7 @@ connection_recycle_time = {{ database_connection_recycle_time }}
 max_pool_size = {{ database_max_pool_size }}
 max_retries = -1

-{% if enable_keystone | bool %}
+{% if ironic_enable_keystone_integration | bool %}
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
 auth_url = {{ keystone_admin_url }}
@ -143,7 +143,7 @@ cafile = {{ openstack_cacert }}
 {% endif %}

 [inspector]
-{% if enable_keystone | bool %}
+{% if ironic_enable_keystone_integration | bool %}
 auth_url = {{ keystone_admin_url }}
 auth_type = password
 project_domain_id = default
@ -160,7 +160,7 @@ endpoint_override = {{ ironic_inspector_internal_endpoint }}
 {% endif %}

 [service_catalog]
-{% if enable_keystone | bool %}
+{% if ironic_enable_keystone_integration | bool %}
 auth_url = {{ keystone_admin_url }}
 auth_type = password
 project_domain_id = default
--- a/doc/source/reference/bare-metal/ironic-guide.rst
+++ b/doc/source/reference/bare-metal/ironic-guide.rst
@ -106,6 +106,28 @@ enabled_boot_interfaces`` option in ``/etc/kolla/config/ironic.conf``:
   [DEFAULT]
   enabled_boot_interfaces = ipxe

+Attach ironic to external keystone (optional)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+In :kolla-ansible-doc:`multi-regional <user/multi-regions.html>` deployment
+keystone could be installed in one region (let's say region 1) and ironic -
+in another region (let's say region 2). In this case we don't install keystone
+together with ironic in region 2, but have to configure ironic to connect to
+existing keystone in region 1. To deploy ironic in this way we have to set
+variable ``enable_keystone`` to ``"no"``.
+
+.. code-block:: yaml
+
+    enable_keystone: "no"
+
+It will prevent keystone from being installed in region 2.
+
+To add keystone-related sections in ironic.conf, it is also needed to set
+variable ``ironic_enable_keystone_integration`` to ``"yes"``
+
+.. code-block:: yaml
+
+    ironic_enable_keystone_integration: "yes"
+
 Deployment
 ~~~~~~~~~~
 Run the deploy as usual:
--- a/releasenotes/notes/update-ironic-template-for-keystone-1ee5f80fda7a21a0.yaml
+++ b/releasenotes/notes/update-ironic-template-for-keystone-1ee5f80fda7a21a0.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - |
+    New variable ``ironic_enable_keystone_integration`` was added.
+    It helps to add keystone connection information into
+    ``ironic.conf`` if we want to connect to existing keystone
+    (not installing it at the same time).