Allow for running standalone Ironic w/o keystone

The Ironic templates and roles assume Keystone is enabled and they don't make use of the `enable_keystone var. This patch changes the behavior so that `noauth` is used as auth method for Ironic if keystone is not enabled, the Ironic endpoint is not registered if keystone is not enabled and the keystone section is not created in the config file. Change-Id: I813de42d10ac264eec81076cb107b58af09ff686
2017-06-23 16:21:51 +02:00 · 2017-06-23 16:21:51 +02:00 · bbe9d418ba
commit bbe9d418ba
parent 0cd868243f
2 changed files with 10 additions and 5 deletions
--- a/ansible/roles/ironic/tasks/deploy.yml
+++ b/ansible/roles/ironic/tasks/deploy.yml
@ -1,7 +1,8 @@
 ---
 - include: register.yml
-  when: inventory_hostname in groups['ironic-api'] or
-        inventory_hostname in groups['ironic-inspector']
+  when: enable_keystone | bool and
+        (inventory_hostname in groups['ironic-api'] or
+        inventory_hostname in groups['ironic-inspector'])

 - include: config.yml
  when: inventory_hostname in groups['ironic-api'] or
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@ -6,13 +6,15 @@
 # suppressed by the deployer by setting a value for the option.

 [DEFAULT]
+{% if not enable_keystone | bool %}
+auth_strategy = noauth
+admin_user = {{ openstack_auth.username }}
+admin_password = {{ keystone_admin_password }}
+{% endif %}
 debug = {{ ironic_logging_debug }}

 log_dir = /var/log/kolla/ironic

-admin_user = {{ openstack_auth.username }}
-admin_password = {{ keystone_admin_password }}
-
 enabled_drivers = pxe_ipmitool,pxe_ssh

 transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
@ -34,6 +36,7 @@ automated_clean=false
 connection = mysql+pymysql://{{ ironic_database_user }}:{{ ironic_database_password }}@{{ ironic_database_address }}/{{ ironic_database_name }}
 max_retries = -1

+{% if enable_keystone | bool %}
 [keystone_authtoken]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@ -47,6 +50,7 @@ password = {{ ironic_keystone_password }}
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
 memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+{% endif %}


 [glance]