Support service tokens
Implement support for service_tokens. For that we convert role_name to be a list along with renaming corresponding variable. Additionally service_type is defined now for keystone_authtoken which enables to validate tokens with restricted access rules Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/846347 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690 Change-Id: I883d84859811714362c5b58f33dfae808317bfdc
This commit is contained in:
parent
1f5f88d80e
commit
3e94523ec7
|
@ -102,7 +102,12 @@ aodh_wsgi_processes_max: 16
|
|||
aodh_wsgi_processes: "{{ [[(ansible_facts['processor_vcpus']//ansible_facts['processor_threads_per_core'])|default(1), 1] | max * 2, aodh_wsgi_processes_max] | min }}"
|
||||
|
||||
#Aodh services info
|
||||
aodh_role_name: admin
|
||||
aodh_service_role_names:
|
||||
- admin
|
||||
- service
|
||||
aodh_service_token_roles:
|
||||
- service
|
||||
aodh_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
|
||||
|
||||
## Service Type and Data
|
||||
aodh_service_region: "{{ service_region | default('RegionOne') }}"
|
||||
|
|
|
@ -157,7 +157,7 @@
|
|||
_service_users:
|
||||
- name: "{{ aodh_service_user_name }}"
|
||||
password: "{{ aodh_service_password }}"
|
||||
role: "{{ aodh_role_name }}"
|
||||
role: "{{ aodh_service_role_names }}"
|
||||
_service_endpoints:
|
||||
- service: "{{ aodh_service_name }}"
|
||||
interface: "public"
|
||||
|
|
|
@ -33,6 +33,11 @@ username = {{ aodh_service_user_name }}
|
|||
password = {{ aodh_service_password }}
|
||||
region_name = {{ keystone_service_region }}
|
||||
|
||||
|
||||
service_token_roles_required = {{ aodh_service_token_roles_required | bool }}
|
||||
service_token_roles = {{ aodh_service_token_roles | join(',') }}
|
||||
service_type = {{ aodh_service_type }}
|
||||
|
||||
memcached_servers = {{ aodh_memcached_servers }}
|
||||
|
||||
token_cache_time = 300
|
||||
|
|
Loading…
Reference in New Issue