Fix Keystone v3 and Horizon

After our switch to keystone-manage bootstrap Horizon is not happy due to v3 not being setup correctly. This patch fixes that This also includes removal of unused variables (transforms them into endpoint url variables) TrivialFix Change-Id: I1e04db8c24049f80e974c063f03068a2ab32a563
2016-03-01 14:38:47 +00:00 · 2016-03-01 14:38:47 +00:00 · 57124620ab
commit 57124620ab
parent a2fe37fe89
30 changed files with 151 additions and 180 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -162,14 +162,6 @@ openstack_auth:
    password: "{{ keystone_admin_password }}"
    project_name: "admin"

-# This shouldn't be needed for long. It is only temporary until we get the
-# ansible modules sorted out
-openstack_auth_v2:
-    auth_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v2.0"
-    username: "admin"
-    password: "{{ keystone_admin_password }}"
-    project_name: "admin"
-
 # These roles are required for Kolla to be operation, however a savvy deployer
 # could disable some of these required roles and run their own services.
 enable_glance: "yes"
--- a/ansible/roles/cinder/defaults/main.yml
+++ b/ansible/roles/cinder/defaults/main.yml
@ -50,12 +50,12 @@ cinder_api_image_full: "{{ cinder_api_image }}:{{ cinder_api_tag }}"
 ####################
 # OpenStack
 ####################
-cinder_public_address: "{{ kolla_external_fqdn }}"
-cinder_admin_address: "{{ kolla_internal_fqdn }}"
-cinder_internal_address: "{{ kolla_internal_fqdn }}"
+cinder_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s"
+cinder_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s"
+cinder_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s"

 cinder_logging_debug: "{{ openstack_logging_debug }}"

 cinder_keystone_user: "cinder"

-openstack_cinder_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
+openstack_cinder_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
--- a/ansible/roles/cinder/tasks/register.yml
+++ b/ansible/roles/cinder/tasks/register.yml
@ -2,33 +2,12 @@
 - name: Creating the Cinder service and endpoint
  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
    -m kolla_keystone_service
-    -a "service_name=cinder
-        service_type=volume
+    -a "service_name={{ item.service_name }}
+        service_type={{ item.service_type }}
        description='Openstack Block Storage'
        endpoint_region={{ openstack_region_name }}
-        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
-        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
-        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
-        region_name={{ openstack_region_name }}
-        auth={{ '{{ openstack_cinder_auth }}' }}"
-    -e  "{'openstack_cinder_auth':{{ openstack_cinder_auth }}}"
-  register: cinder_endpoint
-  changed_when: "{{ cinder_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (cinder_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
-  until: cinder_endpoint.stdout.split()[2] == 'SUCCESS'
-  retries: 10
-  delay: 5
-  run_once: True
-
- name: Creating the Cinder v2 service and endpoint
-  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-    -m kolla_keystone_service
-    -a "service_name=cinderv2
-        service_type=volumev2
-        description='Openstack Block Storage'
-        endpoint_region={{ openstack_region_name }}
-        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
-        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
-        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_cinder_auth }}' }}"
    -e  "{'openstack_cinder_auth':{{ openstack_cinder_auth }}}"
@ -38,6 +17,13 @@
  retries: 10
  delay: 5
  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ cinder_admin_endpoint }}', 'service_name': 'cinder', 'service_type': 'volume'}
+    - {'interface': 'internal', 'url': '{{ cinder_internal_endpoint }}', 'service_name': 'cinder', 'service_type': 'volume'}
+    - {'interface': 'public', 'url': '{{ cinder_public_endpoint }}', 'service_name': 'cinder', 'service_type': 'volume'}
+    - {'interface': 'admin', 'url': '{{ cinder_admin_endpoint }}', 'service_name': 'cinderv2', 'service_type': 'volumev2'}
+    - {'interface': 'internal', 'url': '{{ cinder_internal_endpoint }}', 'service_name': 'cinderv2', 'service_type': 'volumev2'}
+    - {'interface': 'public', 'url': '{{ cinder_public_endpoint }}', 'service_name': 'cinderv2', 'service_type': 'volumev2'}

 - name: Creating the Cinder project, user, and role
  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
--- a/ansible/roles/glance/defaults/main.yml
+++ b/ansible/roles/glance/defaults/main.yml
@ -37,12 +37,12 @@ glance_api_image_full: "{{ glance_api_image }}:{{ glance_api_tag }}"
 ####################
 # OpenStack
 ####################
-glance_public_address: "{{ kolla_external_fqdn }}"
-glance_admin_address: "{{ kolla_internal_fqdn }}"
-glance_internal_address: "{{ kolla_internal_fqdn }}"
+glance_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }}"
+glance_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }}"
+glance_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ glance_api_port }}"

 glance_logging_debug: "{{ openstack_logging_debug }}"

 glance_keystone_user: "glance"

-openstack_glance_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
+openstack_glance_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}','domain_name':'default'}"
--- a/ansible/roles/glance/tasks/register.yml
+++ b/ansible/roles/glance/tasks/register.yml
@ -6,9 +6,8 @@
        service_type=image
        description='Openstack Image'
        endpoint_region={{ openstack_region_name }}
-        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }}'
-        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }}'
-        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ glance_api_port }}'
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_glance_auth }}' }}"
    -e "{'openstack_glance_auth':{{ openstack_glance_auth }}}"
@ -18,6 +17,10 @@
  retries: 10
  delay: 5
  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ glance_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ glance_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ glance_public_endpoint }}'}

 - name: Creating the Glance project, user, and role
  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
--- a/ansible/roles/heat/defaults/main.yml
+++ b/ansible/roles/heat/defaults/main.yml
@ -27,12 +27,15 @@ heat_engine_image_full: "{{ heat_engine_image }}:{{ heat_engine_tag }}"
 ####################
 # OpenStack
 ####################
-heat_public_address: "{{ kolla_external_fqdn }}"
-heat_admin_address: "{{ kolla_internal_fqdn }}"
-heat_internal_address: "{{ kolla_internal_fqdn }}"
+heat_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_port }}/v1/%(tenant_id)s"
+heat_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_port }}/v1/%(tenant_id)s"
+heat_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_port }}/v1/%(tenant_id)s"
+heat_cfn_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_cfn_port }}/v1"
+heat_cfn_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_cfn_port }}/v1"
+heat_cfn_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_cfn_port }}/v1"

 heat_logging_debug: "{{ openstack_logging_debug }}"

 heat_keystone_user: "heat"

-openstack_heat_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
+openstack_heat_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
--- a/ansible/roles/heat/tasks/register.yml
+++ b/ansible/roles/heat/tasks/register.yml
@ -6,29 +6,8 @@
        service_type=orchestration
        description='Openstack Orchestration'
        endpoint_region={{ openstack_region_name }}
-        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_port }}/v1/%(tenant_id)s'
-        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_port }}/v1/%(tenant_id)s'
-        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_port }}/v1/%(tenant_id)s'
-        region_name={{ openstack_region_name }}
-        auth={{ '{{ openstack_heat_auth }}' }}"
-    -e "{'openstack_heat_auth':{{ openstack_heat_auth }}}"
-  register: heat_endpoint
-  changed_when: "{{ heat_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (heat_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
-  until: heat_endpoint.stdout.split()[2] == 'SUCCESS'
-  retries: 10
-  delay: 5
-  run_once: True
-
- name: Creating the Heat-cfn service and endpoint
-  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-    -m kolla_keystone_service
-    -a "service_name=heat-cfn
-        service_type=orchestration
-        description='Openstack Orchestration'
-        endpoint_region={{ openstack_region_name }}
-        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_port }}/v1'
-        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_cfn_port }}/v1'
-        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_cfn_port }}/v1'
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_heat_auth }}' }}"
    -e "{'openstack_heat_auth':{{ openstack_heat_auth }}}"
@ -38,6 +17,13 @@
  retries: 10
  delay: 5
  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ heat_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ heat_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ heat_public_endpoint }}'}
+    - {'interface': 'admin', 'url': '{{ heat_cfn_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ heat_cfn_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ heat_cfn_public_endpoint }}'}

 - name: Creating the Heat project, user, and role
  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
--- a/ansible/roles/ironic/defaults/main.yml
+++ b/ansible/roles/ironic/defaults/main.yml
@ -32,10 +32,10 @@ ironic_pxe_image_full: "{{ ironic_pxe_image }}:{{ ironic_pxe_tag }}"
 ####################
 # OpenStack
 ####################
-ironic_public_address: "{{ kolla_external_fqdn }}"
-ironic_admin_address: "{{ kolla_internal_fqdn }}"
-ironic_internal_address: "{{ kolla_internal_fqdn }}"
+ironic_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}"
+ironic_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}"
+ironic_admin_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ ironic_api_port }}"

 ironic_logging_debug: "{{ openstack_logging_debug }}"

-openstack_ironic_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
+openstack_ironic_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
--- a/ansible/roles/ironic/tasks/register.yml
+++ b/ansible/roles/ironic/tasks/register.yml
@ -6,9 +6,8 @@
        service_type=baremetal
        description='Ironic bare metal provisioning service'
        endpoint_region={{ openstack_region_name }}
-        admin_url='{{ admin_protocol }}://{{ ironic_admin_address }}:{{ ironic_api_port }}'
-        internal_url='{{ internal_protocol }}://{{ ironic_internal_address }}:{{ ironic_api_port }}'
-        public_url='{{ public_protocol }}://{{ ironic_public_address }}:{{ ironic_api_port }}'
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_ironic_auth }}' }}"
    -e "{'openstack_ironic_auth':{{ openstack_ironic_auth }}}"
@ -18,6 +17,10 @@
  retries: 10
  delay: 5
  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ ironic_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ ironic_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ ironic_public_endpoint }}'}

 - name: Creating the Ironic project, user, and role
  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
--- a/ansible/roles/keystone/defaults/main.yml
+++ b/ansible/roles/keystone/defaults/main.yml
@ -20,14 +20,8 @@ keystone_image_full: "{{ keystone_image }}:{{ keystone_tag }}"
 ####################
 # OpenStack
 ####################
-keystone_public_address: "{{ kolla_external_fqdn }}"
-keystone_admin_address: "{{ kolla_internal_fqdn }}"
-keystone_internal_address: "{{ kolla_internal_fqdn }}"
-
-keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}"
-keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}"
-keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}"
+keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3"
+keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3"
+keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}/v3"

 keystone_logging_debug: "{{ openstack_logging_debug }}"
-
-openstack_keystone_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
--- a/ansible/roles/keystone/tasks/start.yml
+++ b/ansible/roles/keystone/tasks/start.yml
@ -10,4 +10,4 @@
      - "kolla_logs:/var/log/kolla/"

 - name: Wait for keystone startup
-  wait_for: host={{ keystone_admin_address }} port={{ keystone_admin_port }}
+  wait_for: host={{ kolla_internal_fqdn }} port={{ keystone_admin_port }}
--- a/ansible/roles/magnum/defaults/main.yml
+++ b/ansible/roles/magnum/defaults/main.yml
@ -23,12 +23,12 @@ magnum_conductor_image_full: "{{ magnum_conductor_image }}:{{ magnum_conductor_t
 ####################
 # OpenStack
 ####################
-magnum_public_address: "{{ kolla_external_fqdn }}"
-magnum_admin_address: "{{ kolla_internal_fqdn }}"
-magnum_internal_address: "{{ kolla_internal_fqdn }}"
+magnum_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ magnum_api_port }}/v1"
+magnum_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ magnum_api_port }}/v1"
+magnum_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ magnum_api_port }}/v1"

 magnum_logging_debug: "{{ openstack_logging_debug }}"

 magnum_keystone_user: "magnum"

-openstack_magnum_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
+openstack_magnum_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
--- a/ansible/roles/magnum/tasks/register.yml
+++ b/ansible/roles/magnum/tasks/register.yml
@ -6,9 +6,8 @@
        service_type=container
        description='Openstack Container Service'
        endpoint_region={{ openstack_region_name }}
-        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ magnum_api_port }}/v1'
-        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ magnum_api_port }}/v1'
-        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ magnum_api_port }}/v1'
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_magnum_auth }}' }}"
    -e "{'openstack_magnum_auth':{{ openstack_magnum_auth }}}"
@ -18,6 +17,10 @@
  retries: 10
  delay: 5
  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ magnum_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ magnum_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ magnum_public_endpoint }}'}

 - name: Creating the Magnum project, user, and role
  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
--- a/ansible/roles/manila/defaults/main.yml
+++ b/ansible/roles/manila/defaults/main.yml
@ -28,9 +28,12 @@ manila_api_image_full: "{{ manila_api_image }}:{{ manila_api_tag }}"
 #####################
 ## OpenStack
 #####################
-manila_public_address: "{{ kolla_external_fqdn }}"
-manila_admin_address: "{{ kolla_internal_fqdn }}"
-manila_internal_address: "{{ kolla_internal_fqdn }}"
+manila_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s"
+manila_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s"
+manila_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s"
+manila_v2_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s"
+manila_v2_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s"
+manila_v2_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s"

 manila_logging_debug: "{{ openstack_logging_debug }}"

@ -38,5 +41,4 @@ manila_keystone_user: "manila"

 manila_tenant_name: "manila_tenant"

-openstack_manila_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
-
+openstack_manila_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
--- a/ansible/roles/manila/tasks/register.yml
+++ b/ansible/roles/manila/tasks/register.yml
@ -6,29 +6,8 @@
        service_type=share
        description='Openstack Shared Filesystems'
        endpoint_region={{ openstack_region_name }}
-        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s'
-        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s'
-        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s'
-        region_name={{ openstack_region_name }}
-        auth={{ '{{ openstack_manila_auth }}' }}"
-    -e  "{'openstack_manila_auth':{{ openstack_manila_auth }}}"
-  register: manila_endpoint
-  changed_when: "{{ manila_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (manila_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
-  until: manila_endpoint.stdout.split()[2] == 'SUCCESS'
-  retries: 10
-  delay: 5
-  run_once: True
-
- name: Creating the Manila v2 service and endpoint
-  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-    -m kolla_keystone_service
-    -a "service_name=manilav2
-        service_type=sharev2
-        description='Openstack Shared Filesystems'
-        endpoint_region={{ openstack_region_name }}
-        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s'
-        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s'
-        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s'
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_manila_auth }}' }}"
    -e  "{'openstack_manila_auth':{{ openstack_manila_auth }}}"
@ -38,6 +17,13 @@
  retries: 10
  delay: 5
  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ mistral_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ mistral_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ mistral_public_endpoint }}'}
+    - {'interface': 'admin', 'url': '{{ mistral_v2_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ mistral_v2_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ mistral_v2_public_endpoint }}'}

 - name: Creating the Manila project, user and role
  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
--- a/ansible/roles/mistral/defaults/main.yml
+++ b/ansible/roles/mistral/defaults/main.yml
@ -28,12 +28,12 @@ mistral_api_image_full: "{{ mistral_api_image }}:{{ mistral_api_tag }}"
 ####################
 # OpenStack
 ####################
-mistral_public_address: "{{ kolla_external_fqdn }}"
-mistral_admin_address: "{{ kolla_internal_fqdn }}"
-mistral_internal_address: "{{ kolla_internal_fqdn }}"
+mistral_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ mistral_api_port }}"
+mistral_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ mistral_api_port }}"
+mistral_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ mistral_api_port }}"

 mistral_logging_debug: "{{ openstack_logging_debug }}"

 mistral_keystone_user: "mistral"

-openstack_mistral_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
+openstack_mistral_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
--- a/ansible/roles/mistral/tasks/register.yml
+++ b/ansible/roles/mistral/tasks/register.yml
@ -6,9 +6,8 @@
        service_type=application_catalog
        description='Openstack Application Catalog'
        endpoint_region={{ openstack_region_name }}
-        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ mistral_api_port }}'
-        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ mistral_api_port }}'
-        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ mistral_api_port }}'
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_mistral_auth }}' }}"
    -e "{'openstack_mistral_auth':{{ openstack_mistral_auth }}}"
@ -18,6 +17,10 @@
  retries: 10
  delay: 5
  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ mistral_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ mistral_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ mistral_public_endpoint }}'}

 - name: Creating the Mistral project, user, and role
  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
--- a/ansible/roles/murano/defaults/main.yml
+++ b/ansible/roles/murano/defaults/main.yml
@ -24,12 +24,12 @@ murano_api_image_full: "{{ murano_api_image }}:{{ murano_api_tag }}"
 ####################
 # OpenStack
 ####################
-murano_public_address: "{{ kolla_external_fqdn }}"
-murano_admin_address: "{{ kolla_internal_fqdn }}"
-murano_internal_address: "{{ kolla_internal_fqdn }}"
+murano_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ murano_api_port }}"
+murano_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ murano_api_port }}"
+murano_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ murano_api_port }}"

 murano_logging_debug: "{{ openstack_logging_debug }}"

 murano_keystone_user: "murano"

-openstack_murano_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
+openstack_murano_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
--- a/ansible/roles/murano/tasks/register.yml
+++ b/ansible/roles/murano/tasks/register.yml
@ -6,9 +6,8 @@
        service_type=application_catalog
        description='Openstack Application Catalogue'
        endpoint_region={{ openstack_region_name }}
-        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ murano_api_port }}'
-        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ murano_api_port }}'
-        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ murano_api_port }}'
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_murano_auth }}' }}"
    -e "{'openstack_murano_auth':{{ openstack_murano_auth }}}"
@ -18,6 +17,10 @@
  retries: 10
  delay: 5
  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ murano_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ murano_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ murano_public_endpoint }}'}

 - name: Creating the Murano project, user, and role
  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@ -48,12 +48,12 @@ openvswitch_vswitchd_image_full: "{{ openvswitch_vswitchd_image }}:{{ openvswitc
 ####################
 # OpenStack
 ####################
-neutron_public_address: "{{ kolla_external_fqdn }}"
-neutron_admin_address: "{{ kolla_internal_fqdn }}"
-neutron_internal_address: "{{ kolla_internal_fqdn }}"
+neutron_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}"
+neutron_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}"
+neutron_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ neutron_server_port }}"

 neutron_logging_debug: "{{ openstack_logging_debug }}"

 neutron_bridge_name: "br-ex"

-openstack_neutron_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
+openstack_neutron_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
--- a/ansible/roles/neutron/tasks/register.yml
+++ b/ansible/roles/neutron/tasks/register.yml
@ -6,9 +6,8 @@
        service_type=network
        description='Openstack Networking'
        endpoint_region={{ openstack_region_name }}
-        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}'
-        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}'
-        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ neutron_server_port }}'
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_neutron_auth }}' }}"
    -e "{'openstack_neutron_auth':{{ openstack_neutron_auth }}}"
@ -18,6 +17,10 @@
  retries: 10
  delay: 5
  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ neutron_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ neutron_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ neutron_public_endpoint }}'}

 - name: Creating the Neutron project, user, and role
  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
--- a/ansible/roles/nova/defaults/main.yml
+++ b/ansible/roles/nova/defaults/main.yml
@ -67,10 +67,10 @@ nova_compute_ironic_image_full: "{{ nova_compute_ironic_image }}:{{ nova_compute
 ####################
 # OpenStack
 ####################
-nova_public_address: "{{ kolla_external_fqdn }}"
-nova_admin_address: "{{ kolla_internal_fqdn }}"
-nova_internal_address: "{{ kolla_internal_fqdn }}"
+nova_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s"
+nova_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s"
+nova_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s"

 nova_logging_debug: "{{ openstack_logging_debug }}"

-openstack_nova_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
+openstack_nova_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
--- a/ansible/roles/nova/tasks/register.yml
+++ b/ansible/roles/nova/tasks/register.yml
@ -6,9 +6,8 @@
        service_type=compute
        description='Openstack Compute'
        endpoint_region={{ openstack_region_name }}
-        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s'
-        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s'
-        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s'
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_nova_auth }}' }}"
    -e "{'openstack_nova_auth':{{ openstack_nova_auth }}}"
@ -18,7 +17,10 @@
  retries: 10
  delay: 5
  run_once: True
-
+  with_items:
+    - {'interface': 'admin', 'url': '{{ nova_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ nova_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ nova_public_endpoint }}'}

 - name: Creating the Nova project, user, and role
  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@ -80,7 +80,7 @@ html5proxy_port = {{ nova_spicehtml5proxy_port }}
 [ironic]
 admin_username = {{ ironic_keystone_user }}
 admin_password = {{ ironic_keystone_password }}
-admin_url = {{ openstack_auth_v2.auth_url }}
+admin_url = {{ openstack_auth.auth_url }}
 admin_tenant_name = service
 api_endpoint = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}/v1
 {% endif %}
--- a/ansible/roles/swift/defaults/main.yml
+++ b/ansible/roles/swift/defaults/main.yml
@ -27,9 +27,9 @@ swift_rsyncd_image_full: "{{ swift_rsyncd_image }}:{{ swift_rsyncd_tag }}"
 ####################
 # OpenStack
 ####################
-swift_public_address: "{{ kolla_external_fqdn }}"
-swift_admin_address: "{{ kolla_internal_fqdn }}"
-swift_internal_address: "{{ kolla_internal_fqdn }}"
+swift_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ swift_proxy_server_port }}"
+swift_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ swift_proxy_server_port }}"
+swift_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ swift_proxy_server_port }}"

 swift_logging_debug: "{{ openstack_logging_debug }}"

@ -40,4 +40,4 @@ swift_devices_mount_point: "/srv/node"
 swift_devices_match_mode: "strict"
 swift_devices_name: "KOLLA_SWIFT_DATA"

-openstack_swift_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
+openstack_swift_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
--- a/ansible/roles/swift/tasks/register.yml
+++ b/ansible/roles/swift/tasks/register.yml
@ -6,9 +6,8 @@
        service_type=object-store
        description='Openstack Object Storage'
        endpoint_region={{ openstack_region_name }}
-        admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ swift_proxy_server_port }}'
-        internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s'
-        public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s'
+        url='{{ item.url }}'
+        interface='{{ item.interface }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_swift_auth }}' }}"
    -e "{'openstack_swift_auth':{{ openstack_swift_auth }}}"
@ -18,6 +17,10 @@
  retries: 10
  delay: 5
  run_once: True
+  with_items:
+    - {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'}
+    - {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'}
+    - {'interface': 'public', 'url': '{{ swift_public_endpoint }}'}

 - name: Creating the Swift project, user, and role
  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
--- a/docker/keystone/keystone_bootstrap.sh
+++ b/docker/keystone/keystone_bootstrap.sh
@ -17,7 +17,7 @@ REGION=$8
 function get_token {
    unset OS_TOKEN OS_URL
    OS_TOKEN=$(openstack --os-identity-api-version 3 --os-username "${USERNAME}" --os-password "${PASSWORD}" --os-project-name "${PROJECT}" --os-auth-url "${ADMIN_URL}" token issue 2>&1 | awk '/ id / {print $4}')
-    OS_URL="${ADMIN_URL}/v3"
+    OS_URL="${ADMIN_URL}"
 }

 function fail_json {
--- a/docker/kolla-toolbox/Dockerfile.j2
+++ b/docker/kolla-toolbox/Dockerfile.j2
@ -48,7 +48,8 @@ RUN git clone https://github.com/ansible/ansible.git \

 RUN mkdir -p /etc/ansible /usr/share/ansible /home/ansible \
    && echo 'localhost ansible_connection=local' > /etc/ansible/hosts \
-    && useradd --user-group ansible --groups kolla
+    && useradd --user-group ansible --groups kolla \
+    && sed -i 's|  "identity_api_version": "2.0",|  "identity_api_version": "3",|' /usr/lib/python2.7/site-packages/os_client_config/defaults.json

 COPY find_disks.py kolla_keystone_service.py kolla_keystone_user.py kolla_sanity.py kolla_zookeeper.py /usr/share/ansible/
 COPY ansible.cfg /home/ansible/.ansible.cfg
--- a/docker/kolla-toolbox/kolla_keystone_service.py
+++ b/docker/kolla-toolbox/kolla_keystone_service.py
@ -30,9 +30,8 @@ def main():
        description=dict(required=True, type='str'),
        service_name=dict(required=True, type='str'),
        service_type=dict(required=True, type='str'),
-        admin_url=dict(required=True, type='str'),
-        internal_url=dict(required=True, type='str'),
-        public_url=dict(required=True, type='str'),
+        url=dict(required=True, type='str'),
+        interface=dict(required=True, type='str'),
        endpoint_region=dict(required=True, type='str')
    )
    module = AnsibleModule(argument_spec)
@ -41,9 +40,8 @@ def main():
        description = module.params.pop('description')
        service_name = module.params.pop('service_name')
        service_type = module.params.pop('service_type')
-        admin_url = module.params.pop('admin_url')
-        internal_url = module.params.pop('internal_url')
-        public_url = module.params.pop('public_url')
+        url = module.params.pop('url')
+        interface = module.params.pop('interface')
        endpoint_region = module.params.pop('endpoint_region')

        changed = False
@ -61,7 +59,8 @@ def main():

        if service is not None:
            for _endpoint in cloud.keystone_client.endpoints.list():
-                if _endpoint.service_id == service.id:
+                if _endpoint.service_id == service.id and \
+                   _endpoint.interface == interface:
                    endpoint = _endpoint
        else:
            service = cloud.keystone_client.services.create(
@ -72,10 +71,9 @@ def main():
        if endpoint is None:
            changed = True
            cloud.keystone_client.endpoints.create(
-                service_id=service.id,
-                adminurl=admin_url,
-                internalurl=internal_url,
-                publicurl=public_url,
+                service=service.id,
+                url=url,
+                interface=interface,
                region=endpoint_region)

        module.exit_json(changed=changed)
--- a/docker/kolla-toolbox/kolla_keystone_user.py
+++ b/docker/kolla-toolbox/kolla_keystone_user.py
@ -50,7 +50,7 @@ def main():
            module.params['auth'].replace("'", '"'))
        cloud = shade.operator_cloud(**module.params)

-        for _project in cloud.keystone_client.tenants.list():
+        for _project in cloud.keystone_client.projects.list():
            if _project.name == project_name:
                project = _project

@ -64,8 +64,8 @@ def main():

        if not project:
            changed = True
-            project = cloud.keystone_client.tenants.create(
-                tenant_name=project_name)
+            project = cloud.keystone_client.projects.create(
+                name=project_name, domain='default')

        if not role:
            changed = True
@ -75,10 +75,10 @@ def main():
            changed = True
            user = cloud.keystone_client.users.create(name=user_name,
                                                      password=password,
-                                                      tenant_id=project.id)
-            cloud.keystone_client.roles.add_user_role(role=role.id,
-                                                      user=user.id,
-                                                      tenant=project.id)
+                                                      project=project)
+            cloud.keystone_client.roles.grant(role=role,
+                                              user=user,
+                                              project=project)

        module.exit_json(changed=changed)
    except Exception as e: